--- PROCESS FUNCTIONS --- Load supplimental files... - Skip function list, total:795 - Skip var list, total:22 Pre-processing... STOP WATCH[0]: 294.137000 ms Found 857 syscalls Process Gating Functions Gating Function Type: capability Load CAP FUNC list, total:3 Inner checking functions: - avc_denied @ 7 - security_capable @ 2 i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i8*) i8* bitcast (i1 (i32)* @capable to i8*) i8* bitcast (i1 (%struct.netlink_skb_parms.609104*, %struct.user_namespace*, i32)* @__netlink_ns_capable to i8*) i8* bitcast (i1 (%struct.sock.230350*, %struct.user_namespace*, i32)* @sk_ns_capable to i8*) i8* bitcast (i1 (%struct.sk_buff.224955*, %struct.user_namespace*, i32)* @netlink_ns_capable to i8*) i8* bitcast (i1 (%struct.sock.230350*, i32)* @sk_net_capable to i8*) i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_noaudit to i8*) i8* bitcast (i1 (%struct.sk_buff.224955*, i32)* @netlink_capable to i8*) i8* bitcast (i1 (%struct.task_struct.39605*, i32)* @has_capability to i8*) i8* bitcast (i1 (%struct.sock.230350*, i32)* @sk_capable to i8*) i8* bitcast (i1 (%struct.file.39652*, %struct.user_namespace*, i32)* @file_ns_capable to i8*) i8* bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i8*) i8* bitcast (i1 (%struct.sk_buff.224955*, i32)* @netlink_net_capable to i8*) STOP WATCH[0]: 4.790000 ms =chk functions and wrappers (total:17)= . __netlink_ns_capable @ 2 . netlink_net_capable @ 1 . has_capability_noaudit @ 1 . capable_wrt_inode_uidgid @ 1 . ns_capable @ 1 . has_ns_capability_noaudit @ 2 . netlink_capable @ 1 . capable @ 0 . avc_has_perm_noaudit @ 5 . sk_ns_capable @ 2 . netlink_ns_capable @ 2 . sk_net_capable @ 1 . ns_capable_noaudit @ 1 . has_ns_capability @ 2 . has_capability @ 1 . sk_capable @ 1 . 
file_ns_capable @ 2 =o= Collect Checkpoints STOP WATCH[0]: 272.892000 ms Identify interesting struct Function: packet_create used by struct.net_proto_family Function: max_medium_access_timeouts_store used by struct.device_attribute.472069 Function: compat_do_ip6t_get_ctl used by  new discover:struct.nf_sockopt_ops.706912 Function: do_ip6t_get_ctl used by struct.nf_sockopt_ops.706912 Function: compat_do_ip6t_set_ctl used by struct.nf_sockopt_ops.706912 Function: compat_do_ipt_get_ctl used by  new discover:struct.nf_sockopt_ops.666760 Function: do_ipt_get_ctl used by struct.nf_sockopt_ops.666760 Function: compat_do_ipt_set_ctl used by struct.nf_sockopt_ops.666760 Function: do_ipt_set_ctl used by struct.nf_sockopt_ops.666760 Function: sdev_store_eh_timeout used by struct.device_attribute.469417 Function: vt_compat_ioctl used by  new discover:struct.tty_operations.40291 Function: msr_open used by struct.file_operations Function: mtrr_write used by struct.file_operations Function: mtrr_ioctl used by struct.file_operations Function: ifalias_store used by struct.device_attribute.597939 Function: group_store used by struct.device_attribute.597939 Function: proc_bus_pci_read used by struct.file_operations.1588 Function: subcaches_store used by struct.device_attribute.21267 Function: proc_taint used by  new discover:struct.ctl_table Function: netlink_sendmsg used by  new discover:struct.proto_ops.224987 Function: packet_sendmsg used by  new discover:struct.proto_ops.230346 Function: carrier_store used by struct.device_attribute.597939 Function: xps_rxqs_store used by struct.netdev_queue_attribute Function: audit_bind used by  new discover:struct.netlink_kernel_cfg Function: rtnetlink_bind used by  new discover:struct.netlink_kernel_cfg.592045 Function: enable_store used by struct.device_attribute.274098 Function: md_attr_store used by struct.sysfs_ops.533235 Function: do_ip6t_set_ctl used by struct.nf_sockopt_ops.706912 Function: pci_read_config used by struct.bin_attribute 
Function: intel_pmu_hw_config used by  new discover:struct.x86_pmu.5376 Function: numa_node_store used by struct.device_attribute.274098 Function: ptp_ioctl used by  new discover:struct.posix_clock_operations Function: set_permissions used by  new discover:struct.ctl_table_root Function: proto_down_store used by struct.device_attribute.597939 Function: xdp_func_proto used by  new discover:struct.bpf_verifier_ops Function: cgroup_mount used by  new discover:struct.file_system_type.81383 Function: mntns_install used by struct.proc_ns_operations.127973 Function: tx_queue_len_store used by struct.device_attribute.597939 Function: packet_sendmsg_spkt used by struct.proto_ops.230346 Function: netlink_setsockopt used by struct.proto_ops.224987 Function: open_port used by struct.file_operations.323952 Function: mtu_store used by struct.device_attribute.597939 Function: sg_proc_write_adio used by struct.file_operations.473574 Function: store_rps_dev_flow_table_cnt used by struct.rx_queue_attribute Function: flags_store used by struct.device_attribute.597939 Function: p4_hw_config used by  new discover:struct.x86_pmu.3618 Function: gro_flush_timeout_store used by struct.device_attribute.597939 Function: sk_filter_func_proto used by struct.bpf_verifier_ops Function: autofs_dev_ioctl used by struct.file_operations.39492 Function: r_show used by  new discover:struct.seq_operations.1586 Function: proc_cap_handler used by struct.ctl_table Function: ipcns_install used by struct.proc_ns_operations.225468 Function: pagemap_read used by struct.file_operations.146386 Function: open_kcore used by struct.file_operations Function: net_ctl_permissions used by struct.ctl_table_root Function: netns_install used by struct.proc_ns_operations.586407 Function: sk_reuseport_func_proto used by struct.bpf_verifier_ops Function: msi_bus_store used by struct.device_attribute.274098 Function: i915_perf_add_config_ioctl used by  new discover:struct.drm_ioctl_desc.356678 Function: compat_blkdev_ioctl 
used by struct.file_operations.133628 Function: perf_kprobe_event_init used by  new discover:struct.pmu.97651 Function: devkmsg_open used by struct.file_operations.66037 Function: mmap_min_addr_handler used by struct.ctl_table Function: timerslack_ns_write used by struct.file_operations.147305 Function: proc_dointvec_minmax_sysadmin used by struct.ctl_table Function: proc_bus_pci_mmap used by struct.file_operations.1588 Function: audit_receive used by struct.netlink_kernel_cfg Function: sock_ioctl used by struct.file_operations.230044 Function: i915_getparam_ioctl used by struct.drm_ioctl_desc.356678 Function: soft_store used by struct.device_attribute.775997 Function: utsns_install used by struct.proc_ns_operations Function: perf_uprobe_event_init used by struct.pmu.97651 Function: cgroupns_install used by struct.proc_ns_operations.82467 Function: manage_start_stop_store used by struct.device_attribute.472069 Function: allow_restart_store used by struct.device_attribute.472069 Function: pidns_install used by struct.proc_ns_operations.45912 Function: cgroup_release_agent_write used by  new discover:struct.cftype.82679 Function: nfnetlink_rcv used by  new discover:struct.netlink_kernel_cfg.609105 Function: seccomp_actions_logged_handler used by struct.ctl_table Function: i915_perf_open_ioctl used by struct.drm_ioctl_desc.356678 Function: rtc_dev_ioctl used by struct.file_operations Function: i915_gem_context_setparam_ioctl used by struct.drm_ioctl_desc.356678 Function: store_rps_map used by struct.rx_queue_attribute Function: lo_ioctl used by  new discover:struct.block_device_operations.464047 Function: perf_mmap used by struct.file_operations.97337 Function: tty_ioctl used by struct.file_operations.230044 Function: vt_ioctl used by struct.tty_operations.40291 Function: uart_ioctl used by  new discover:struct.tty_operations.320007 Function: uart_proc_show used by struct.tty_operations.320007 Function: random_ioctl used by struct.file_operations.251564 Function: 
nvram_ioctl used by struct.file_operations Function: agp_open used by struct.file_operations.39492 Function: max_write_same_blocks_store used by struct.device_attribute.472069 Function: net_current_may_mount used by  new discover:struct.kobj_ns_type_operations.597932 Function: netlink_bind used by struct.proto_ops.224987 Function: sg_proc_write_dressz used by struct.file_operations.473574 Function: microcode_open used by struct.file_operations Function: cgroup1_remount used by  new discover:struct.kernfs_syscall_ops.82672 Function: i915_gem_context_reset_stats_ioctl used by struct.drm_ioctl_desc.356678 Function: tc_cls_act_func_proto used by struct.bpf_verifier_ops Function: protection_type_store used by struct.device_attribute.472069 Function: rdev_attr_store used by struct.sysfs_ops.533235 Function: ipip6_tunnel_ioctl used by  new discover:struct.net_device_ops.657211 Function: i915_perf_remove_config_ioctl used by struct.drm_ioctl_desc.356678 Function: snapshot_ioctl used by struct.file_operations.50535 Function: dm_ctl_ioctl used by struct.file_operations.534427 Function: inet6_create used by struct.net_proto_family.681266 Function: __inet6_bind used by  new discover:struct.ipv6_bpf_stub.681269 Function: esre_attr_show used by struct.sysfs_ops Function: netlink_connect used by struct.proto_ops.224987 Function: pps_cdev_ioctl used by struct.file_operations.39492 Function: xps_cpus_store used by struct.netdev_queue_attribute Function: md_ioctl used by  new discover:struct.block_device_operations.533492 Function: pps_enable_store used by struct.device_attribute.530679 Function: dm_blk_ioctl used by  new discover:struct.block_device_operations.534329 Function: store_state_disable used by  new discover:struct.cpuidle_state_attr Function: state_store.63075 used by struct.device_attribute.775997 Function: efivar_attr_show used by struct.sysfs_ops Function: efivar_attr_store used by struct.sysfs_ops Function: zeroing_mode_store used by struct.device_attribute.472069 
Function: provisioning_mode_store used by struct.device_attribute.472069 Function: ext4_attr_store used by struct.sysfs_ops.167596 Function: serport_ldisc_open used by  new discover:struct.tty_ldisc_ops.314341 Function: unix_ioctl used by struct.proto_ops.230346 Function: cg_skb_func_proto used by struct.bpf_verifier_ops Function: lwt_out_func_proto used by struct.bpf_verifier_ops Function: sock_filter_func_proto used by struct.bpf_verifier_ops Function: sock_addr_func_proto used by struct.bpf_verifier_ops Function: sock_ops_func_proto used by struct.bpf_verifier_ops Function: sk_skb_func_proto used by struct.bpf_verifier_ops Function: sk_msg_func_proto used by struct.bpf_verifier_ops Function: tx_maxrate_store used by struct.netdev_queue_attribute Function: inet_create used by struct.net_proto_family.652226 STOP WATCH[0]: 437.210000 ms Collecting Initialization Closure. Finding Kernel Entry Point and all __initcall_ Found x86_64_start_kernel STOP WATCH[1]: 48.635000 ms Initial Kernel Init Function Count:2 Over Approximate Kernel Init Functions STOP WATCH[1]: 24.656000 ms Refine Result refine pass 0 1458 left refine pass 1 777 left refine pass 2 598 left refine pass 3 556 left refine pass 4 549 left Refine result : count=549 STOP WATCH[1]: 15.178000 ms =Kernel Init Functions= arch_reserve_mem_area acpi_table_upgrade set_phy_reg read_persistent_wall_and_boot_offset setup_cpu_entry_area get_phy_reg n_tty_init spectre_v2_parse_cmdline spec_ctrl_disable_kernel_rrsba spectre_v2_determine_rsb_fill_type_at_vmexit jump_label_init cea_map_percpu_pages smp_setup_processor_id acpi_osi_dmi_blacklisted early_acpi_osi_init setup_kmalloc_cache_index_table efi_apply_memmap_quirks early_panic __efi_memmap_alloc_late init_hw_breakpoint match_config_table console_init cgroup_add_legacy_cftypes boot_cpu_hotplug_init memblock_mark_mirror register_trigger_traceon_traceoff_cmds register_trigger_enable_disable_cmds register_trigger_cmds trace_event_init trace_init check_iommu_entries 
pci_iommu_alloc reset_all_zones_managed_pages reserve_bootmem_region __free_pages_memory __free_memory_core free_all_bootmem register_page_bootmem_info mem_init_print_info mem_init bootstrap create_kmalloc_cache vmalloc_init arch_ioremap_pud_supported arch_ioremap_pmd_supported ioremap_huge_init init_espfix_random init_espfix_bsp pti_user_pagetable_walk_p4d pti_setup_vsyscall pti_init acpi_ut_create_rw_lock kmem_cache_init register_event_command early_irq_init x86_report_nx cred_init inode_init_early page_alloc_init acpi_os_create_cache idt_setup_early_pf proc_thread_self_init __register_nosave_region memblock_overlaps_region numa_cleanup_meminfo cgroup_init_early __next_reserved_mem_region fpu__init_system_ctx_switch efi_ioremap old_map_region efi_map_region rcu_bootup_announce_oddness hrtimers_prepare_cpu mcheck_vendor_init_severity memblock_set_current_limit mminit_verify_zonelist init_dl_bandwidth tick_init init_sched_fair_class efi_mem_reserve sched_init perf_event_init memblock_phys_mem_size fpu__init_system memblock_add x86_amd_ssb_disable setup_per_cpu_pageset efi_memblock_x86_reserve_range ssb_parse_cmdline acpi_blacklisted e820__range_update sched_clock_init cpu_mitigations_auto_nosmt idt_setup_early_handler set_task_stack_end_magic update_spec_ctrl rcu_boot_init_percpu_data phys_pmd_init efi_setup_page_tables bdev_cache_init mtrr_bp_pat_init free_bootmem_late set_dma_reserve buffer_init idle_thread_set_boot_cpu efi_call_phys_epilog fpu__init_system_generic idt_setup_early_traps reserve_crashkernel setup_zone_pageset mmap_init idt_setup_ist_traps init_cfs_rq proc_net_init update_page_count efi_memmap_unmap radix_tree_init sysctl_init proc_sys_init housekeeping_init spectre_v2_parse_user_cmdline spectre_v2_user_select_mitigation vsmp_init set_proc_pid_nlink efi_alloc_page_tables init_schedstats setup_cpu_entry_areas efi_merge_regions efi_memmap_init_late cpumask_weight.6903 e820__reserve_setup_data init_defrootdomain efi_runtime_update_mappings 
__efi_enter_virtual_mode cpuset_init boot_cpu_init pcpu_free_alloc_info sort_iommu_table efi_find_mirror kmem_cache_init_late taskstats_init_early print_mtrr_state irq_set_default_host cpu_smt_check_topology pci_msi_create_irq_domain efi_arch_mem_reserve rcu_init_one tick_broadcast_init apply_microcode_early_amd init_tg_cfs_entry numa_register_memblks setup_per_cpu_areas kernfs_init build_all_zonelists workqueue_init_early efi_dump_pagetable perf_swevent_init_cpu call_function_init do_add_efi_memmap zone_pageset_init init_timers initcall_debug_enable perf_event_init_cpu rcu_dump_rcu_node_tree mds_select_mitigation dmi_walk_early proc_init_kmemcache efi_memmap_split_count softirq_init init_timer_cpus efi_delete_dummy_variable cpu_mitigations_off chrdev_init load_ucode_intel_bsp setup_nr_node_ids mmio_select_mitigation md_clear_select_mitigation prefill_possible_map check_dev_quirk anon_vma_init dmi_memdev_walk efi_free_boot_services time_init acpi_subsystem_init parse_efi_setup efi_mem_desc_end check_loader_disabled_bsp nsfs_init cgroup_init __xstate_dump_leaves __init_swait_queue_head vm_area_add_early capability_add_hooks vm_area_register_early get_last_crashkernel __ssb_select_mitigation init_range_memory_mapping taa_select_mitigation acpi_os_initialize acpi_initialize_subsystem pcpu_build_alloc_info arch_get_random_seed_long_early acpi_parse_madt_lapic_entries acpi_ut_create_caches proc_caches_init load_ucode_amd_bsp init_cfs_bandwidth load_ucode_bsp apic_validate_deadline_timer lookup_address efi_memmap_alloc vfs_caches_init_early setup_cpu_local_masks numa_clear_kernel_node_hotplug x86_64_start_kernel init_ramfs_fs efi_set_executable setup_xstate_comp free_saved_cmdlines_buffer setup_command_line efi_enter_virtual_mode cpu_set_bug_bits phys_pud_init rcu_init memory_map_bottom_up __load_ucode_amd setup_arch acpi_os_map_generic_address parse_crashkernel_high perf_event_init_all_cpus io_apic_init_mappings efi_memmap_install add_range_with_merge io_delay_init 
acpi_ns_root_initialize __trace_early_add_events alternative_instructions acpi_ut_init_globals thread_stack_cache_init dmi_format_ids init_dl_rq restart_nmi parse_crashkernel_simple fork_init fpu__init_parse_early_param early_code_mapping_set_exec mp_config_acpi_legacy_irqs acpi_osi_dmi_darwin pcpu_page_first_chunk sysfs_init efi_memmap_insert e820__memory_setup init_ohci1394_controller e820__update_table_print efi_esrt_init create_kmalloc_caches trace_printk_start_comm md_clear_update_mitigation arch_get_random_long_early phys_efi_set_virtual_address_map x86_early_init_platform_quirks probe_page_size_mask runtime_code_page_mkexec register_trigger_stacktrace_cmd srcu_online_cpu init_trampoline_pud do_security_initcalls mm_init sort_main_extable prandom_bytes_state reserve_initrd fpu__init_system_xstate log_buf_add_cpu e820__end_of_ram_pfn pti_check_boottime_disable efi_init build_all_zonelists_init init_mem_mapping cpuset_init_current_mems_allowed __build_all_zonelists proc_create_mount_point build_zonelists reserve_crashkernel_low alloc_ioapic_saved_registers radix_tree_init_maxnodes efi_call_phys_prolog e820__print_table mem_encrypt_init print_filtered event_trace_memsetup efi_memattr_apply_permissions proc_tty_init arch_init_msi_domain acpi_early_init setup_log_buf check_bugs printk_safe_init acpi_mps_check efi_config_parse_tables acpi_parse_madt_ioapic_entries cgroup_init_subsys rcu_init_geometry security_init acpi_reallocate_root_table idt_setup_traps unregister_event_command delayacct_init e820__register_nosave_regions vfs_caches_init spectre_v1_select_mitigation efi_print_memmap arch_probe_nr_irqs x86_numa_init free_low_memory_core_early set_real_mode_mem stop_nmi memblock_is_region_memory parse_crashkernel_mem mnt_init efi_memory_uc acpi_ut_initialize_interfaces kernel_physical_mapping_init init_mount_tree init_rootfs dcache_init_early setup_node_to_cpumask_map e820__memblock_alloc_reserved uts_ns_init files_maxfiles_init arch_early_irq_init 
identify_boot_cpu tsx_init adjust_range_page_size_mask kclist_add early_reserve_initrd retbleed_select_mitigation setup_nr_cpu_ids mtrr_bp_init trim_bios_range dmi_decode_table acpi_os_predefined_override x86_64_start_reservations firmware_map_add_early dump_stack_set_arch_desc __trace_early_add_new_event irq_alloc_matrix acpi_ut_mutex_initialize early_trace_init tracer_alloc_buffers __efi_memmap_init timekeeping_init proc_root_init page_writeback_init start_kernel copy_bootdata kexec_enter_virtual_mode print_xstate_features efi_tpm_eventlog_init init_trace_flags_index early_quirks cmdline_find_option acpi_reserve_initial_tables setup_xstate_features efi_map_region_fixed __map_region init_IRQ seq_file_init update_regset_xstate_info create_boot_cache map_vsyscall signals_init __memblock_alloc_base memblock_alloc acpi_boot_init rcutree_online_cpu efi_md_typeattr_format efi_native_runtime_setup pcpu_setup_first_chunk pcpu_chunk_relocate pcpu_alloc_first_chunk lcm pcpu_dump_alloc_info arch_task_cache_init init_memory_mapping save_mr alloc_low_pages split_mem_range setup_bios_corruption_check rest_init trap_init cgroup_add_dfl_cftypes early_cpu_init ssb_select_mitigation l1tf_select_mitigation topology_smt_supported early_memremap_ro memblock_clear_hotplug e820__memory_setup_extended pcpu_alloc_alloc_info acpi_parse_spcr acpi_table_init_complete parse_early_param dmi_present dmi_smbios3_present memblock_is_region_reserved efi_reuse_config cgroup_init_cftypes early_alloc_pgt_buf efi_config_init arch_early_ioapic_init early_platform_quirks parse_crashkernel_low srbds_select_mitigation rcu_scheduler_starting random_init acpi_pic_sci_set_trigger efi_reserve_boot_services pid_idr_init init_ohci1394_reset_and_init_dma dcache_init key_init cmdline_find_option_bool print_xstate_offset_size cleanup_highmap rcu_early_boot_tests rcupdate_announce_bootup_oddness memblock_find_dma_reserve proc_self_init unwind_init register_refined_jiffies efi_mem_type e820__setup_pci_gap 
e820__reserve_resources ioapic_setup_resources init_cpu_to_node init_memory_less_node e820_type_to_string memblock_mem_size early_memremap_prot alloc_node_data init_apic_mappings acpi_process_madt early_pci_scan_bus new_kmalloc_cache set_vsyscall_pgtable_user_bits __parse_crashkernel parse_crashkernel_suffix x86_get_mtrr_mem_range parse_crashkernel initmem_init numa_init print_xstate_feature numa_init_array __memblock_dump_all memblock_dump numa_meminfo_cover_memory swiotlb_size_or_default memblock_set_node early_acpi_boot_init early_acpi_process_madt early_acpi_parse_madt_lapic_addr_ovr vsmp_cap_cpus detect_vsmp_box e820__end_of_low_ram_pfn acpi_boot_table_init relocate_initrd init_ohci1394_dma_on_all_controllers init_ohci1394_wait_for_busresets init_ohci1394_initialize memory_map_top_down init_trampoline clean_sort_range phys_pte_init trim_snb_memory snb_gfx_workaround_needed e820__memblock_alloc_reserved_mpc_new get_cpu_vendor efi_map_regions reserve_bios_regions e820__memblock_setup memblock_trim_memory memblock_allow_resize reserve_brk kernel_randomize_memory kaslr_get_random_long mtrr_trim_uncached_memory mtrr_cleanup get_mtrr_state print_fixed_last print_fixed amd_special_default_mtrr get_mtrr_var_range set_num_var_ranges numa_reset_distance setup_init_fpu_buf e820_add_kernel_range reserve_real_mode cpumask_weight.5596 init_cache_modes early_ioremap_setup tsc_early_init dmi_set_dump_stack_arch_desc mcheck_init mcheck_intel_therm_init dmi_scan_machine efi_runtime_init efi_runtime_init32 efi_runtime_init64 efi_memattr_init efi_systab_init e820__finish_early_params memblock_x86_reserve_range_setup_data efi_memmap_init_early parse_setup_data spectre_v2_select_mitigation early_ioremap_init arch_init_ideal_nops early_identify_cpu fpu__xstate_clear_all_cpu_caps add_preferred_console idt_setup_debugidt_traps e820_search_gap rcu_test_sync_prims arch_post_acpi_subsys_init cgroup_add_cftypes cgroup1_ssid_disabled init_rt_rq cgroup_idr_alloc init_rt_bandwidth 
rcu_sync_enter_start cgroup_rstat_boot init_ohci1394_soft_reset wait_bit_init pcpu_embed_first_chunk event_trace_enable fpu__get_supported_xfeatures_mask inode_init copy_from_early_mem hrtimers_init fpu__init_prepare_fx_sw_frame ntp_init files_init numa_policy_init pagecache_init nsproxy_cache_init cpumask_weight.12179 efi_clean_memmap efi_memmap_entry_valid absent_pages_in_range =o= STOP WATCH[0]: 89.020000 ms Identify Kernel Modules Interface STOP WATCH[0]: 48.795000 ms dynamic KMI #dyn kmi resolved:2306 STOP WATCH[0]: 208.941000 ms Populate indirect callsite using kernel module interface ------ KMI STATISTICS ------ # of indirect call sites: 20564 # resolved by KMI:18526 90% # - KMI:8332 40% # - DKMI:7111 34% # (total target) of callee:66771 # undefined-found-m : 1801 8% # undefined-udf-m : 1282 6% # fpara(KMI can not handle, try SVF?): 494 2% # global fptr(try SVF?): 127 0% # cast fptr(try SVF?): 0 0% # call use container_of(), high level type info stripped: 1341 6% # unknown pattern:76 0% STOP WATCH[0]: 7549.121000 ms Collect all permission-checked variables and functions Critical functions skipped because of skip func list: 271 STOP WATCH[0]: 442.307000 ms Collected 694 critical functions Collected 152 critical variables Collected 199 critical type/fields --- Variables Protected By Gating Function--- trace_percpu_buffer CAP_SYSLOG @ has_capability_noaudit trace_taskinfo_save CAP_SYSLOG @ has_capability_noaudit trace_buffered_event_cnt CAP_SYSLOG @ has_capability_noaudit trace_buffered_event CAP_SYSLOG @ has_capability_noaudit xfrm_dispatch CAP_NET_ADMIN @ netlink_net_capable create_on_open CAP_SYS_ADMIN @ capable mdp_major CAP_SYS_ADMIN @ capable all_detected_devices CAP_SYS_ADMIN @ capable detected_devices_mutex CAP_SYS_ADMIN @ capable lookup_ioctl._ioctls CAP_SYS_ADMIN @ capable image_size CAP_SYS_ADMIN @ capable freezer_test_done CAP_SYS_ADMIN @ capable in_suspend CAP_SYS_ADMIN @ capable dcookie_users CAP_SYS_ADMIN @ capable event_mutex CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable init_pid_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable module_notify_list CAP_SYS_MODULE @ capable sysctl_protected_fifos CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netns_wq CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tty_ldiscs CAP_SYS_MODULE @ capable uevent_sock_mutex CAP_SYS_ADMIN @ netlink_ns_capable alarm_bases CAP_WAKE_ALARM @ capable CAP_WAKE_ALARM @ capable packet_proto CAP_NET_RAW @ ns_capable event CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check switch.table.do_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check qdisc_root_sleeping_running.__warned CAP_NET_ADMIN @ netlink_ns_capable least_priority CAP_SYS_ADMIN @ capable state CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __default_kernel_pte_mask CAP_SYS_MODULE @ capable sysctl_protected_hardlinks CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check funcbufleft CAP_SYS_TTY_CONFIG @ capable dcookie_hashtable CAP_SYS_ADMIN @ capable module_mutex CAP_SYS_MODULE @ capable pipe_max_size CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check 
wfd CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check modules_disabled CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable seccomp_actions_logged CAP_SYS_ADMIN @ capable gid CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acct_on_mutex CAP_SYS_PACCT @ capable cn_proc_event_id CAP_NET_ADMIN @ __netlink_ns_capable nr_swapfiles CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable uid CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rdev CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipip6_tunnel_del_prl.__warned CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check hash_size CAP_SYS_ADMIN @ capable mode CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check may_mandlock.__print_once CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN 
@ capable CAP_SYS_ADMIN @ ns_capable inconsistent check md_misc_wq CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cleanup_list.55341 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tty_ldiscs_lock CAP_SYS_MODULE @ capable phys_base CAP_SYS_ADMIN @ capable system_transition_mutex CAP_SYS_ADMIN @ capable CAP_SYS_BOOT @ ns_capable inconsistent check names_cachep CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tcp_ulp_list CAP_NET_ADMIN @ capable module_wq CAP_SYS_MODULE @ capable selinux_state CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit %81 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* nonnull @selinux_state, i32 %48, i32 %76, i16 zeroext %78, i32 %43, i32 %80, %struct.gnet_stats_queue* nonnull %3) #69 Dynamic Load CAP pipefifo_fops CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check xfrm_msg_min CAP_NET_ADMIN @ netlink_net_capable kcore_need_update CAP_SYS_RAWIO @ capable check_qop.__print_once CAP_IPC_OWNER @ ns_capable all_mddevs_lock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable efivar_sysfs_list CAP_SYS_ADMIN @ capable uart_set_info._rs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mtime CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_fops CAP_SYS_ADMIN @ capable ksys_semget.sem_ops CAP_IPC_OWNER @ ns_capable mmap_min_addr CAP_SYS_RESOURCE @ capable redirect CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable C_A_D CAP_SYS_BOOT @ ns_capable __supported_pte_mask CAP_SYS_ADMIN @ capable percpu_counter_batch CAP_SYS_RESOURCE @ capable swap_active_head CAP_SYS_ADMIN @ capable sysctl_perf_event_sample_rate CAP_SYS_ADMIN @ capable collected CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check funcbufptr CAP_SYS_TTY_CONFIG @ capable __init_completion.__key.4631 CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check proc_event_counts CAP_NET_ADMIN @ __netlink_ns_capable name_len CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check funcbufsize CAP_SYS_TTY_CONFIG @ capable sysctl_protected_regular CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sysctl_perf_event_paranoid CAP_SYS_ADMIN @ capable pipe_mnt CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check proc_root_kcore CAP_SYS_RAWIO @ capable stop_sched_class CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable m_hash_mask CAP_SYS_ADMIN @ ns_capable shm_file_operations_huge CAP_IPC_LOCK @ ns_capable uts_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ipc_kht_params CAP_IPC_OWNER @ ns_capable pm_power_off CAP_SYS_BOOT @ ns_capable zero_pfn CAP_SYS_ADMIN @ capable sg_allow_dio CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check key_quota_maxkeys CAP_SYS_ADMIN @ capable key_quota_root_maxbytes 
CAP_SYS_ADMIN @ capable key_quota_maxbytes CAP_SYS_ADMIN @ capable sg_big_buff CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check switch.table.sg_io CAP_SYS_RAWIO @ capable __do_sys_bdflush.msg_count CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vt_kmsg_redirect.kmsg_con CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable qdisc_mod_lock CAP_NET_ADMIN @ capable default_qdisc_ops CAP_NET_ADMIN @ capable ipip6_tunnel_add_prl.__warned CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check swap_avail_heads CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable namespace_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check uts_ns_cache CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable debug.45088 CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check m_hash_shift CAP_SYS_ADMIN @ ns_capable kexec_load_disabled CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable cgroupns_operations CAP_SYS_ADMIN @ ns_capable ksys_msgget.msg_ops CAP_IPC_OWNER @ ns_capable mount_hashtable CAP_SYS_ADMIN @ ns_capable key_quota_root_maxkeys CAP_SYS_ADMIN @ capable kexec_mutex CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable table.56540 CAP_NET_ADMIN @ netlink_net_capable vmalloc_base CAP_NET_ADMIN @ netlink_net_capable pending_raid_disks CAP_SYS_ADMIN @ capable sysctl_hugetlb_shm_group CAP_IPC_LOCK @ capable next_state CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kbd_table CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check uevent_seqnum CAP_NET_BROADCAST @ 
file_ns_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check hugetlb_file_setup.__print_once CAP_IPC_LOCK @ capable genl_fam_idr CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check packet_ops_spkt CAP_NET_RAW @ ns_capable fl_ht CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check i915_oa_max_sample_rate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vm_committed_as_batch CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check this_cpu_off CAP_SYSLOG @ has_capability_noaudit qdisc_base CAP_NET_ADMIN @ capable audit_enabled CAP_SYS_ADMIN @ capable store_rps_map.rps_map_mutex CAP_NET_ADMIN @ capable vm_committed_as CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check total_swap_pages CAP_SYS_ADMIN @ capable swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nl_table CAP_NET_BROADCAST @ file_ns_capable proc_poll_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nr_node_ids CAP_SYS_ADMIN @ capable tty_ldisc_autoload CAP_SYS_MODULE @ capable rps_needed CAP_NET_ADMIN @ capable keymap_count CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check cb_lock CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check tcp_cong_list CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable max_vals CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check body_len CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sit_net_id CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable inconsistent check shift_down CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check major CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check crng_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nr_files CAP_SYS_ADMIN @ capable vt_dont_switch CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check mnt_group_ida CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check alloc_empty_file.old_max CAP_SYS_ADMIN @ capable mount_too_revealing.__warned CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check sit_link_ops CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check --- Function Protected By Gating Function--- ring_buffer_write CAP_SYSLOG @ has_capability_noaudit filter_match_preds CAP_SYSLOG @ has_capability_noaudit ring_buffer_lock_reserve CAP_SYSLOG @ has_capability_noaudit raw_abort CAP_NET_ADMIN @ ns_capable udp_abort CAP_NET_ADMIN @ ns_capable __netlink_dump_start CAP_NET_ADMIN @ netlink_net_capable blk_queue_flag_clear CAP_SYS_ADMIN @ capable blk_queue_max_discard_sectors CAP_SYS_ADMIN @ capable __efivar_entry_delete CAP_SYS_ADMIN @ capable efivar_entry_iter_begin CAP_SYS_ADMIN @ capable efivar_create_sysfs_entry CAP_SYS_ADMIN @ capable efivar_entry_set CAP_SYS_ADMIN @ capable efivar_validate CAP_SYS_ADMIN @ capable do_md_stop CAP_SYS_ADMIN @ capable md_alloc CAP_SYS_ADMIN @ capable super_90_load CAP_SYS_ADMIN @ capable netif_set_xps_queue 
CAP_NET_ADMIN @ capable _dev_err CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable rtnl_fdb_notify CAP_NET_ADMIN @ netlink_capable ring_buffer_event_data CAP_SYSLOG @ has_capability_noaudit dev_mc_del CAP_NET_ADMIN @ netlink_capable __icmp_send CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable dev_uc_del CAP_NET_ADMIN @ netlink_capable shmem_unlock_mapping CAP_IPC_LOCK @ ns_capable shmem_lock CAP_IPC_LOCK @ ns_capable ipv6_chk_prefix CAP_NET_ADMIN @ ns_capable ipv6_chk_addr_and_flags CAP_NET_ADMIN @ ns_capable ata_task_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check ata_cmd_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_put_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check __starget_for_each_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check user_path_mountpoint_at CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check scsi_init_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_autopm_get_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check loop_info64_to_compat CAP_SYS_ADMIN @ capable dm_issue_global_event CAP_SYS_ADMIN @ capable cn_netlink_send CAP_NET_ADMIN @ __netlink_ns_capable unlock_device_hotplug CAP_SYS_ADMIN @ capable swsusp_swap_in_use CAP_SYS_ADMIN @ capable hibernation_platform_enter CAP_SYS_ADMIN @ capable suspend_devices_and_enter CAP_SYS_ADMIN @ capable free_all_swap_pages CAP_SYS_ADMIN @ capable snapshot_get_image_size CAP_SYS_ADMIN @ capable ring_buffer_unlock_commit CAP_SYSLOG @ has_capability_noaudit snapshot_image_loaded CAP_SYS_ADMIN @ capable snapshot_write_finalize CAP_SYS_ADMIN @ capable hibernation_snapshot CAP_SYS_ADMIN @ capable ksys_sync CAP_SYS_ADMIN @ capable lock_device_hotplug CAP_SYS_ADMIN @ capable free_netdev CAP_NET_ADMIN 
@ netlink_ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check alloc_netdev_mqs CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check dev_valid_name CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check mddev_unlock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable is_empty_dir_inode CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check mntput_no_expire CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check vfs_kern_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check group_pin_kill CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ida_alloc_range CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check umount_tree CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check attach_recursive_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check kern_path CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check drm_syncobj_free CAP_SYS_ADMIN @ capable security_sid_to_context_force CAP_CHOWN @ avc_has_perm_noaudit _fat_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check thaw_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check freeze_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ 
ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check tcp_send_window_probe CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable tcp_set_congestion_control CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_legacy_dma_setup CAP_SYS_ADMIN @ capable drm_file_free CAP_SYS_ADMIN @ capable drm_syncobj_release CAP_SYS_ADMIN @ capable drm_prime_destroy_file_private CAP_SYS_ADMIN @ capable i915_driver_open CAP_SYS_ADMIN @ capable drm_prime_init_file_private CAP_SYS_ADMIN @ capable drm_gem_open CAP_SYS_ADMIN @ capable sd_config_write_same CAP_SYS_ADMIN @ capable memzero_explicit CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ipip6_dellink CAP_NET_ADMIN @ netlink_ns_capable serial8250_release_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable uart_shutdown CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable serial8250_verify_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vt_do_kbkeycode_ioctl CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check __tty_hangup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable xprt_wake_pending_tasks CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check xprt_unlock_connect CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check xs_tcp_write_space CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check lookup_mnt CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check terminate_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check link_path_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_net_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check compat_table_info CAP_NET_ADMIN @ ns_capable serial8250_config_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable walk_page_range CAP_SYS_ADMIN @ file_ns_capable serial8250_get_mctrl CAP_SYS_ADMIN @ capable step_into CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check trailing_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check translate_table CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_sb_remount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check kernel_kexec CAP_SYS_BOOT @ ns_capable kzalloc.31533 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mqueue_create 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filp_open CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check uart_set_ldisc CAP_SYS_MODULE @ capable mmc_ioctl_cdrom_last_written CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable security_context_to_sid_force CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit xt_compat_target_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable autofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_find_revision CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable errseq_sample CAP_SYS_ADMIN @ capable ext4_force_commit CAP_SYS_ADMIN @ capable proc_tgid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check do_smart_update CAP_IPC_OWNER @ ns_capable path_init CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernfs_iop_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid proc_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_attr_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check unlazy_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check free_cgroup_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable security_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check get_fs_type CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check rtc_cmos_read CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable map_files_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filename_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check d_alloc_parallel CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_change_flags CAP_NET_ADMIN @ ns_capable ext4_xattr_security_get CAP_SYS_ADMIN @ capable __lookup_slow CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sock_def_write_space CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ 
capable CAP_NET_RAW @ ns_capable inconsistent check may_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check user_shm_lock CAP_IPC_LOCK @ capable kernfs_dop_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check blk_queue_flag_set CAP_SYS_ADMIN @ capable proc_task_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs4_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dm_blk_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfat_revalidate_ci CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_cdrom_play_blk CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable clone_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_compat_target_to_user CAP_NET_ADMIN @ 
ns_capable CAP_NET_ADMIN @ ns_capable hugetlbfs_read_iter CAP_SYS_ADMIN @ capable rtnl_create_link CAP_NET_ADMIN @ netlink_ns_capable truncate_inode_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable read_iter_null CAP_SYS_ADMIN @ capable ip4_datagram_release_cb CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check d_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fd_install CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable inconsistent check wake_q_add CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check invalidate_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check filename_parentat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check task_set_jobctl_pending CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check security_sem_associate CAP_IPC_OWNER @ ns_capable current_umask CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sg_new_read CAP_SYS_RAWIO @ capable __mnt_drop_write CAP_SYS_PACCT @ capable security_msg_queue_msgsnd CAP_IPC_OWNER @ ns_capable isofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_free_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable dquot_add_space CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable dev_change_net_namespace CAP_NET_ADMIN @ netlink_ns_capable follow_managed CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_wait4 CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check reboot_pid_ns CAP_SYS_BOOT @ ns_capable compat_table_info.59431 CAP_NET_ADMIN @ ns_capable _isofs_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_change_tx_queue_len CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check walk_component CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cpus_read_unlock CAP_NET_ADMIN @ ns_capable security_inode_removexattr CAP_SYS_ADMIN @ capable get_net_ns_by_id CAP_NET_ADMIN @ netlink_ns_capable local_bh_enable.59161 CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check __put_net CAP_NET_ADMIN @ sk_ns_capable 
CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable inconsistent check sock_read_iter CAP_SYS_ADMIN @ capable vfat_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_root_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check disk_part_iter_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable urandom_read_iter CAP_SYS_ADMIN @ capable fsnotify_get_cookie CAP_FOWNER @ capable_wrt_inode_uidgid security_task_fix_setuid CAP_SETUID @ ns_capable CAP_SETUID @ ns_capable simple_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_cdrom_volume CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable xt_compat_target_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable proc_sys_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipc_update_perm CAP_SYS_ADMIN @ ns_capable md_import_device CAP_SYS_ADMIN @ capable shmem_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid mmc_ioctl_cdrom_read_audio CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable set_fs_root CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_CHROOT @ ns_capable 
CAP_SYS_ADMIN @ ns_capable inconsistent check cdrom_count_tracks CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable sr_drive_status CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable bcmp CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_run_host_queues CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check fifo_init CAP_NET_ADMIN @ netlink_ns_capable dev_ifsioc CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check unregister_netdevice_queue CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check sg_scsi_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check pci_config_pm_runtime_get CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check proc_tid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_inode_rename CAP_FOWNER @ capable_wrt_inode_uidgid mtrr_file_add CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable down_read_killable CAP_SYS_ADMIN @ file_ns_capable bad_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
inconsistent check destroy_local_trace_uprobe CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable populate_vma_page_range CAP_IPC_LOCK @ capable fat_trim_fs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_ADMIN @ capable inconsistent check uart_change_speed CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable pci_user_read_config_dword CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check security_msg_queue_msgrcv CAP_IPC_OWNER @ ns_capable find_get_context CAP_SYS_ADMIN @ capable inet6_addr_del CAP_NET_ADMIN @ ns_capable md_rdev_clear CAP_SYS_ADMIN @ capable kernel_sigaction CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __ip_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ip6_datagram_release_cb CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check check_for_audio_disc CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable wbinvd_on_cpu CAP_SYS_ADMIN @ capable security_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid nfs_swap_activate CAP_SYS_ADMIN @ capable ipc_rcu_getref CAP_IPC_OWNER @ ns_capable pci_disable_device CAP_SYS_ADMIN @ capable proc_alloc_inum CAP_SYS_ADMIN @ ns_capable to_compat_ipc_perm CAP_IPC_OWNER @ ns_capable fl_release CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check __netif_set_xps_queue CAP_NET_ADMIN @ ns_capable filemap_write_and_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __audit_inode_child CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mtrr_del 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inet6_addr_add CAP_NET_ADMIN @ ns_capable dev_add_pack CAP_NET_RAW @ ns_capable __ext4_journal_start_sb CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check perf_event_alloc CAP_SYS_ADMIN @ capable unregister_netdevice_many CAP_NET_ADMIN @ netlink_ns_capable translate_table.59434 CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable to_compat_ipc64_perm CAP_IPC_OWNER @ ns_capable mtrr_add CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ksys_fchmod CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_misc_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alarmtimer_do_nsleep CAP_WAKE_ALARM @ capable path_openat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_read_config_dword CAP_SYS_ADMIN @ capable nfs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check wake_up_q CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check swap_inode_data CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable xt_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable proc_ns_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sr_check_events CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable release_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid xt_request_find_target CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable pci_config_pm_runtime_put CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check put_ipc_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable inconsistent check set_fs_pwd CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_set_mtu CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable chroot_fs_refs CAP_SYS_ADMIN @ ns_capable xt_compat_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable do_sys_open CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check move_vma CAP_IPC_LOCK @ capable tg3_ptp_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable getname_flags CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check disk_get_part CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_next_writable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable nfs4_xattr_get_nfs4_acl CAP_SYS_ADMIN @ capable tcp_abort CAP_NET_ADMIN @ ns_capable __fsnotify_parent CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable inconsistent check disk_part_iter_exit CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_path_lookup CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check exportfs_decode_fh CAP_DAC_READ_SEARCH @ capable xt_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable bind_rdev_to_array CAP_SYS_ADMIN @ capable security_inode_getsecurity CAP_SYS_ADMIN @ capable scsi_autopm_put_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check __dquot_transfer CAP_SYS_RESOURCE @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check vfat_rename CAP_FOWNER @ capable_wrt_inode_uidgid pin_kill CAP_SYS_PACCT @ capable ext4_unlink CAP_FOWNER @ capable_wrt_inode_uidgid kcalloc.55943 CAP_NET_ADMIN @ ns_capable do_add_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check netdev_state_change CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check pci_write_config_dword CAP_SYS_ADMIN @ capable proc_map_files_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipip6_newlink CAP_NET_ADMIN @ netlink_ns_capable serial8250_pm CAP_SYS_ADMIN @ capable 
__lookup_hash CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check deactivate_locked_super CAP_SYS_ADMIN @ capable do_ip6t_get_ctl CAP_NET_ADMIN @ ns_capable msdos_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bpf_get_trace_printk_proto CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable lookup_fast CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check efivar_entry_iter_end CAP_SYS_ADMIN @ capable ext4_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid sr_packet CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable vm_stat_account CAP_IPC_LOCK @ capable match_string CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_play_msf CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable mqueue_unlink CAP_FOWNER @ capable_wrt_inode_uidgid rescan_partitions CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_expand_extra_isize CAP_SYS_RESOURCE @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check kernel_restart CAP_SYS_BOOT @ ns_capable jbd2_journal_force_commit_nested CAP_SYS_RESOURCE @ capable mtrr_add_page 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable svc_add_new_perm_xprt CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check mq_find CAP_NET_ADMIN @ netlink_ns_capable xt_compat_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable mmc_ioctl_cdrom_pause_resume CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable xt_compat_init_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable get_mm_exe_file CAP_SYS_RESOURCE @ capable mmc_ioctl_cdrom_read_data CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable register_netdevice CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check proc_sys_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_reserve_inode_write CAP_SYS_RESOURCE @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check xt_compat_flush_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable kernfs_iop_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filename_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_install_in_context 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cpus_read_lock CAP_NET_ADMIN @ ns_capable sr_get_last_session CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable ext4_mark_iloc_dirty CAP_SYS_RESOURCE @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check xt_table_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_compat_check_entry_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable out_of_line_wait_on_bit CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check alloc_file_clone CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check xt_compat_match_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_alloc_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable mtrr_del_page CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __rseq_handle_notify_resume CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sem_lock CAP_IPC_OWNER @ ns_capable ipc_rcu_putref CAP_IPC_OWNER @ ns_capable sr_block_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drop_collected_mounts CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ 
ns_capable inconsistent check ramfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check e1000e_phc_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable fsync_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable qdisc_get_stab CAP_NET_ADMIN @ netlink_ns_capable dev_set_alias CAP_NET_ADMIN @ ns_capable do_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sockfs_xattr_get CAP_SYS_ADMIN @ capable drm_gem_handle_create CAP_SYS_ADMIN @ capable tty_vhangup_self CAP_SYS_TTY_CONFIG @ capable nfs_weak_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check _atomic_dec_and_lock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable lock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_set_group CAP_NET_ADMIN @ ns_capable locks_mandatory_locked CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_dvd_auth CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable tcp_release_cb CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check ip_tunnel_bind_dev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_task_setscheduler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable lock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid sr_audio_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable serial8250_request_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bad_inode_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_user_read_config_byte CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check vfs_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check _dev_alert CAP_SYS_ADMIN @ capable __ext4_msg CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __ext4_journal_stop CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ext4_xattr_user_get CAP_SYS_ADMIN @ capable drm_addmap_core CAP_SYS_ADMIN @ capable destroy_local_trace_kprobe CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable fib6_add CAP_NET_ADMIN @ ns_capable enable_swap_slots_cache CAP_SYS_ADMIN @ capable tty_name CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check uts_proc_notify CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ip6_route_info_create CAP_NET_ADMIN @ ns_capable rtnl_register CAP_NET_ADMIN @ netlink_ns_capable 
CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ext4_xattr_trusted_get CAP_SYS_ADMIN @ capable swap_type_of CAP_SYS_ADMIN @ capable __get_locked_pte CAP_SYS_ADMIN @ capable dev_change_carrier CAP_NET_ADMIN @ ns_capable security_sem_semctl CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check mq_walk CAP_NET_ADMIN @ netlink_ns_capable tid_fd_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check hugetlbfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfat_unlink CAP_FOWNER @ capable_wrt_inode_uidgid security_sem_semop CAP_IPC_OWNER @ ns_capable proc_lookupfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check scsi_try_bus_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check extract_entropy CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable commit_creds CAP_SETUID @ 
ns_capable CAP_SETGID @ ns_capable CAP_SETGID @ ns_capable CAP_SETPCAP @ ns_capable CAP_SETGID @ ns_capable CAP_SETUID @ ns_capable CAP_SETGID @ ns_capable CAP_SETGID @ ns_capable inconsistent check posix_acl_xattr_get CAP_SYS_ADMIN @ capable blk_rq_map_kern CAP_SYS_RAWIO @ capable __break_lease CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable inconsistent check hibernate CAP_SYS_BOOT @ ns_capable dev_ingress_queue_create CAP_NET_ADMIN @ netlink_ns_capable ipcperms CAP_IPC_OWNER @ ns_capable skb_copy_expand CAP_SYS_ADMIN @ netlink_ns_capable pid_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check crypto_shash_update CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable xt_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __vfs_setxattr_noperm CAP_SYS_ADMIN @ capable blkdev_read_iter CAP_SYS_ADMIN @ capable do_ipt_get_ctl CAP_NET_ADMIN @ ns_capable __audit_inode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_halt CAP_SYS_BOOT @ ns_capable xt_compat_match_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable kernel_power_off CAP_SYS_BOOT @ ns_capable audit_inode_permission %81 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* nonnull @selinux_state, i32 %48, i32 %76, i16 zeroext %78, i32 %43, i32 %80, %struct.gnet_stats_queue* nonnull %3) #69 Dynamic Load CAP bad_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid n_tty_close CAP_SYS_MODULE @ capable tty_lock CAP_SYS_MODULE @ capable sr_lock_door CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ 
capable CAP_SYS_RAWIO @ capable generic_file_write_iter CAP_SYS_ADMIN @ capable sr_tray_move CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable handle_dots CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ipv6_dev_ac_inc CAP_NET_ADMIN @ ns_capable sr_get_mcn CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable vfs_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check user_disable_single_step CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check simple_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid do_linkat CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check do_mknodat CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_tgid_net_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dm_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tcf_proto_lookup_ops CAP_NET_ADMIN @ netlink_ns_capable do_fchownat CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check do_fchmodat CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check do_utimes CAP_DAC_READ_SEARCH @ capable CAP_MKNOD @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ksys_fchown CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_change_proto_down CAP_NET_ADMIN @ ns_capable do_sys_ftruncate CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check maybe_link CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_master_open CAP_SYS_ADMIN @ capable do_mkdirat CAP_FOWNER @ 
capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check shmem_xattr_handler_get CAP_SYS_ADMIN @ capable dir_add CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_gem_release CAP_SYS_ADMIN @ capable panic CAP_SYS_MODULE @ capable do_symlinkat CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_unlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_css_set_locked CAP_SYS_ADMIN @ ns_capable inode_owner_or_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check audit_log_link_denied CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_symlink CAP_DAC_OVERRIDE 
@ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check swsusp_free CAP_SYS_ADMIN @ capable _dev_notice CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipip6_tunnel_update CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check vfs_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_dvd_read_struct CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable vfs_tmpfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_enable_device CAP_SYS_ADMIN @ capable netlink_ack CAP_NET_ADMIN @ netlink_net_capable finish_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_cdrom_subchannel CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable sr_reset CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check delete_partition CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable path_lookupat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check freeary CAP_SYS_ADMIN @ ns_capable security_msg_queue_msgctl CAP_SYS_ADMIN @ ns_capable may_delete CAP_FOWNER @ capable_wrt_inode_uidgid netlink_rcv_skb CAP_NET_ADMIN @ netlink_net_capable freeque CAP_SYS_ADMIN @ ns_capable nd_jump_link CAP_SYS_ADMIN @ capable ihold CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check create_new_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tc_chain_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable rtnetlink_send CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable tcf_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __tcf_chain_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable nla_strcmp CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable qdisc_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable shmem_unlink CAP_FOWNER @ capable_wrt_inode_uidgid qdisc_notify CAP_NET_ADMIN @ netlink_ns_capable is_subdir CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ktime_add_safe CAP_WAKE_ALARM @ capable xs_tcp_set_socket_timeouts CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check 
netlink_broadcast CAP_SYS_ADMIN @ netlink_ns_capable __dquot_alloc_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable take_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid kernel_setsockopt CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check __is_local_mountpoint CAP_FOWNER @ capable_wrt_inode_uidgid xfrm_user_policy CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check d_invalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_read_file_from_fd CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable kernfs_iop_rename CAP_FOWNER @ capable_wrt_inode_uidgid nfs_rename CAP_FOWNER @ capable_wrt_inode_uidgid unhash_mnt CAP_SYS_ADMIN @ ns_capable do_md_run CAP_SYS_ADMIN @ capable security_sid_to_context CAP_DAC_OVERRIDE @ avc_has_perm_noaudit shmem_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid simple_rename CAP_FOWNER @ capable_wrt_inode_uidgid msdos_rename CAP_FOWNER @ capable_wrt_inode_uidgid ext4_ext_tree_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable do_group_exit CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check path_mountpoint CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid 
shrink_dcache_parent CAP_FOWNER @ capable_wrt_inode_uidgid efivar_entry_find CAP_SYS_ADMIN @ capable ext4_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid generic_swapfile_activate CAP_SYS_ADMIN @ capable __detach_mounts CAP_FOWNER @ capable_wrt_inode_uidgid jbd2_journal_abort CAP_SYS_ADMIN @ capable d_move CAP_FOWNER @ capable_wrt_inode_uidgid bdevname CAP_SYS_ADMIN @ capable ext4_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __d_lookup_done CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_mmap_fits CAP_SYS_RAWIO @ capable d_exchange CAP_FOWNER @ capable_wrt_inode_uidgid scsi_try_host_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check vfat_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dm_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable write_iter_null CAP_SYS_ADMIN @ capable unlock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid nfs_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid autofs_dir_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid msdos_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid pin_insert CAP_SYS_PACCT @ capable vfat_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid tracefs_syscall_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid security_msg_queue_associate CAP_IPC_OWNER @ ns_capable msdos_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lookup_user_key CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable change_mnt_propagation CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check blk_execute_rq CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable security_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid autofs_dir_unlink CAP_FOWNER @ capable_wrt_inode_uidgid ip6_route_del CAP_NET_ADMIN @ ns_capable static_key_slow_dec CAP_NET_ADMIN @ capable bitmap_free CAP_NET_ADMIN @ ns_capable nfs_unlink CAP_FOWNER @ capable_wrt_inode_uidgid msdos_unlink CAP_FOWNER @ capable_wrt_inode_uidgid simple_unlink CAP_FOWNER @ capable_wrt_inode_uidgid netdev_master_upper_dev_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check bad_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid send_sig_info CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check uart_startup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_blocksize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable fib_table_lookup CAP_NET_ADMIN @ ns_capable signal_wake_up_state CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check exit_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable proc_ptrace_connector CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check security_kernel_load_data CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_MODULE @ capable inconsistent 
check unlock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check llist_add_batch CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ida_free CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check perf_uprobe_init CAP_SYS_ADMIN @ capable ext4_double_up_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable perform_atomic_semop CAP_IPC_OWNER @ ns_capable security_task_getscheduler CAP_SYS_NICE @ capable blkdev_issue_discard CAP_SYS_ADMIN @ capable unix_write_space CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check nf_setsockopt CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check ext4_get_inode_loc CAP_SYS_RESOURCE @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_dbg CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __order_base_2.31526 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kmalloc_array.31530 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drm_cleanup_buf_error CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_sb_umount CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check compat_nf_setsockopt CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ 
ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check blk_rq_map_user_iov CAP_SYS_RAWIO @ capable ring_buffer_discard_commit CAP_SYSLOG @ has_capability_noaudit blk_rq_map_user CAP_SYS_RAWIO @ capable blk_rq_unmap_user CAP_SYS_RAWIO @ capable nfs_umount_begin CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check perf_kprobe_init CAP_SYS_ADMIN @ capable qdisc_create CAP_NET_ADMIN @ netlink_ns_capable freeze_bdev CAP_SYS_ADMIN @ capable qdisc_lookup CAP_NET_ADMIN @ netlink_ns_capable __dquot_free_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mq_leaf CAP_NET_ADMIN @ netlink_ns_capable rtnl_configure_link CAP_NET_ADMIN @ netlink_ns_capable qdisc_graft CAP_NET_ADMIN @ netlink_ns_capable free_msg CAP_IPC_OWNER @ ns_capable gen_replace_estimator CAP_NET_ADMIN @ netlink_ns_capable xt_compat_add_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable mq_select_queue CAP_NET_ADMIN @ netlink_ns_capable shmem_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check md_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __vfs_removexattr CAP_SYS_ADMIN @ capable sd_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable alloc_file_pseudo CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check compat_import_iovec CAP_SYS_ADMIN @ capable blk_rq_init CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check lo_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_device_ro CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bad_inode_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check disk_part_iter_next CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sr_select_speed CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable add_partition CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable pci_user_read_config_word CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable 
inconsistent check sd_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable _credit_init_bits CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfat_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dm_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable write_pool_user CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nfs_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernfs_xattr_get CAP_SYS_ADMIN @ capable dm_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable proc_lookupfdinfo CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ptep_set_access_flags CAP_SYS_ADMIN @ capable sd_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ftrace_trace_stack CAP_SYSLOG @ has_capability_noaudit sd_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kbd_rate CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check fsnotify CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable inconsistent check sd_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_shm_associate CAP_IPC_OWNER @ ns_capable modify_user_hw_breakpoint_check CAP_SYS_ADMIN @ capable track_pfn_insert 
CAP_SYS_ADMIN @ capable hibernation_restore CAP_SYS_ADMIN @ capable serport_ldisc_open CAP_SYS_MODULE @ capable pci_mmap_page_range CAP_SYS_RAWIO @ capable rtc_cmos_write CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_down_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable amd_set_subcaches CAP_SYS_ADMIN @ capable ext4_discard_preallocations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_trim_fs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rfkill_set_block CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable propagate_mount_busy CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check compat_put_timex CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable mnt_clone_internal CAP_SYS_PACCT @ capable __mnt_want_write CAP_SYS_PACCT @ capable drm_syncobj_open CAP_SYS_ADMIN @ capable do_kexec_load CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable compat_alloc_user_space CAP_SYS_BOOT @ capable security_sb_pivotroot CAP_SYS_ADMIN @ ns_capable cgroup_kn_lock_live CAP_SYS_ADMIN @ capable empty_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check max_swapfile_size CAP_SYS_ADMIN @ capable strim CAP_SYS_ADMIN @ capable aio_complete_rw CAP_SYS_ADMIN @ capable cgroup_kn_unlock CAP_SYS_ADMIN @ capable tty_kref_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mutex_lock_killable CAP_SYS_ADMIN @ file_ns_capable save_stack_trace_tsk CAP_SYS_ADMIN @ file_ns_capable drm_pci_alloc CAP_SYS_ADMIN @ capable disable_swap_slots_cache_lock CAP_SYS_ADMIN @ capable lock_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check n_tty_open 
CAP_SYS_MODULE @ capable tty_unlock CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check audit_seccomp_actions_logged CAP_SYS_ADMIN @ capable rtc_set_time CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check mmc_ioctl_cdrom_start_stop CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable perf_event_set_output CAP_SYS_ADMIN @ capable security_vm_enough_memory_mm CAP_SYS_ADMIN @ capable xs_udp_write_space CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check try_to_unuse CAP_SYS_ADMIN @ capable _enable_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable reenable_swap_slots_cache_unlock CAP_SYS_ADMIN @ capable xt_compat_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable nfs_swap_deactivate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable exit_swap_address_space CAP_SYS_ADMIN @ capable rw_verify_area CAP_SYS_ADMIN @ capable __sb_start_write CAP_SYS_ADMIN @ capable nfs_file_read CAP_SYS_ADMIN @ capable shmem_file_read_iter CAP_SYS_ADMIN @ capable read_iter_zero CAP_SYS_ADMIN @ capable pipe_read CAP_SYS_ADMIN @ capable generic_file_read_iter CAP_SYS_ADMIN @ capable security_inode_setxattr CAP_SYS_ADMIN @ capable ext4_file_read_iter CAP_SYS_ADMIN @ capable random_read_iter CAP_SYS_ADMIN @ capable perf_event_enable CAP_SYS_ADMIN @ capable nfs_file_write CAP_SYS_ADMIN @ capable slow_avc_audit CAP_CHOWN @ avc_has_perm_noaudit %12 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 %11, %struct.gnet_stats_queue* nonnull %8) #69 Dynamic Load CAP CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit sock_write_iter CAP_SYS_ADMIN @ capable 
pipe_write CAP_SYS_ADMIN @ capable ext4_file_write_iter CAP_SYS_ADMIN @ capable blkdev_write_iter CAP_SYS_ADMIN @ capable import_single_range CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable random_write_iter CAP_SYS_ADMIN @ capable ip_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable devkmsg_write CAP_SYS_ADMIN @ capable fib_table_delete CAP_NET_ADMIN @ ns_capable fib_new_table CAP_NET_ADMIN @ ns_capable sb_set_blocksize CAP_SYS_ADMIN @ capable fib_table_insert CAP_NET_ADMIN @ ns_capable serport_ldisc_close CAP_SYS_MODULE @ capable n_null_close CAP_SYS_MODULE @ capable xt_request_find_match CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable n_null_open CAP_SYS_MODULE @ capable security_inode_getxattr CAP_SYS_ADMIN @ capable tcf_block_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable tty_ldisc_reinit CAP_SYS_MODULE @ capable tty_ldisc_get CAP_SYS_MODULE @ capable ldsem_down_write CAP_SYS_MODULE @ capable ldsem_up_write CAP_SYS_MODULE @ capable tty_buffer_restart_work CAP_SYS_MODULE @ capable static_key_slow_inc CAP_NET_ADMIN @ capable rt6_lookup CAP_NET_ADMIN @ ns_capable dst_release CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check proc_dostring CAP_SYS_ADMIN @ capable kernel_getsockname CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check find_task_by_vpid CAP_SYS_ADMIN @ capable svc_write_space CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ 
ns_capable inconsistent check --- Interesting Type fields and checks --- struct.net.591935:0, CAP_NET_ADMIN @ netlink_ns_capable struct.task_struct.230652:0, CAP_NET_ADMIN @ ns_capable struct.path.230015:0, CAP_NET_ADMIN @ ns_capable struct.net.589001:0, CAP_NET_ADMIN @ netlink_net_capable struct.gendisk.471914:0, CAP_SYS_ADMIN @ capable struct.mddev:0, CAP_SYS_ADMIN @ capable struct.pps_device:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.net_device_ops.591951:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check struct.net_device.592030:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check struct.cred.224006:0, CAP_IPC_LOCK @ ns_capable struct.net.686242:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.super_operations.128172:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.fs_struct.128008:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.vm_area_struct.112419:0, CAP_IPC_LOCK @ capable struct.scsi_device.467869:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.scsi_host_template.467877:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.ip_tunnel.711885:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.task_struct.224184:0, CAP_IPC_LOCK @ ns_capable struct.ifreq:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.super_operations.124703:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.net_device_ops.597556:0, CAP_NET_ADMIN @ capable struct.drm_file.338619:0, CAP_SYS_ADMIN @ capable struct.uart_state:0, CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable struct.signal_struct.316122:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.drm_device.338615:0, CAP_SYS_ADMIN @ capable struct.task_struct.316170:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.317844:0, CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check struct.svc_sock.726501:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.svc_serv.726467:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.proto.230331:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.tty_struct.314340:0, CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check struct.task_struct.120847:0, CAP_SYS_CHROOT @ ns_capable struct.tty_ldisc_ops.314341:0, CAP_SYS_MODULE @ capable struct.in_ifaddr.631269:0, CAP_NET_ADMIN @ ns_capable struct.in_device.631272:0, CAP_NET_ADMIN @ ns_capable struct.net_device.631313:0, CAP_NET_ADMIN @ ns_capable struct.kiocb.120439:0, CAP_SYS_ADMIN @ capable struct.iocb:0, CAP_SYS_ADMIN @ capable struct.tty_struct.316116:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.swap_info_struct.100581:0, CAP_SYS_ADMIN @ capable struct.task_struct.100571:0, CAP_SYS_ADMIN @ capable struct.ctl_table:0, CAP_SYS_ADMIN @ capable struct.drm_dma_handle:0, CAP_SYS_ADMIN @ capable struct.ip6_flowlabel.694234:0, CAP_NET_ADMIN 
@ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.perf_event.5361:0, CAP_SYS_ADMIN @ capable struct.cred.172473:0, CAP_IPC_LOCK @ capable struct.task_struct.172665:0, CAP_IPC_LOCK @ capable struct.stack_trace:0, CAP_SYS_ADMIN @ file_ns_capable struct.nfnl_err:0, CAP_NET_ADMIN @ netlink_net_capable struct.nfnetlink_subsystem:0, CAP_NET_ADMIN @ netlink_net_capable struct.msg_sender:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.gendisk.258180:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.mnt_namespace.127948:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.net_device.597678:0, CAP_NET_ADMIN @ capable struct.ubuf_info:0, CAP_IPC_LOCK @ capable struct.nsproxy.127972:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ext4_sb_info.166387:0, CAP_SYS_RESOURCE @ capable struct.ptp_clock_info.530675:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.pid_namespace.39324:0, CAP_SYS_PACCT @ capable struct.header_ops.230237:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.work_struct:3, CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.task_struct.46154:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.request.263598:0,1, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.task_struct:0, CAP_WAKE_ALARM @ capable struct.fib6_config.685167:0, CAP_NET_ADMIN @ ns_capable struct.net_device.230313:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.task_struct.583532:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.ipv6_txoptions:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.drm_driver.338568:0, CAP_SYS_ADMIN @ capable union.anon.21:2, CAP_IPC_OWNER @ ns_capable struct.cdrom_device_ops.496751:0, CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check struct.perf_event_context.97649:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.wake_q_head:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.anon.102.5387:1, CAP_SYS_ADMIN @ capable struct.task_struct.97833:0, CAP_SYS_ADMIN @ capable struct.xt_target.706921:0, CAP_NET_ADMIN @ ns_capable struct.xattr_handler.128704:0, CAP_SYS_ADMIN @ capable struct.xt_match.666766:0, CAP_NET_ADMIN @ ns_capable struct.ipt_replace:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.task_struct.128080:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.cred.39299:0, CAP_SETGID @ ns_capable CAP_SETUID @ ns_capable CAP_SETUID @ ns_capable inconsistent check struct.ip_tunnel_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.sg_io_hdr:0, CAP_SYS_RAWIO @ capable struct.vm_area_struct:0, CAP_SYS_ADMIN @ capable struct.device.16878:0, CAP_SYS_ADMIN @ capable struct.net.230172:0, CAP_NET_RAW @ ns_capable struct.rtnl_link_ops.592027:0, CAP_NET_ADMIN @ 
netlink_ns_capable struct.trace_event_call.93726:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.cgroup.82677:0, CAP_SYS_ADMIN @ capable struct.task_struct.50485:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.socket.230347:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.sock.230350:1,0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.tcf_proto_ops.606681:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.path.143349:0, CAP_DAC_READ_SEARCH @ capable struct.ext4_sb_info.163118:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_LINUX_IMMUTABLE @ capable inconsistent check struct.uart_port:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.143699:0, CAP_DAC_READ_SEARCH @ capable struct.tcf_proto.606682:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.sem_queue:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.net_device.589093:0, CAP_NET_ADMIN @ netlink_ns_capable struct.qdisc_size_table:0, CAP_NET_ADMIN @ netlink_ns_capable struct.tty_operations.314336:0, CAP_SYS_MODULE @ capable struct.xt_entry_match.706927:0, CAP_NET_ADMIN @ ns_capable struct.ext4_sb_info:0, CAP_SYS_RESOURCE @ capable struct.Scsi_Host.467883:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.signal_struct.39514:0, CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check 
struct.ip6t_replace:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.attribute:1, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.sock.631192:1,0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.sg_request:0, CAP_SYS_RAWIO @ capable struct.nsproxy.45911:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.task_struct.684:0, CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.nsproxy.39437:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.key.226547:0, CAP_SYS_ADMIN @ capable struct.task_struct.10885:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.sock.666759:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.xt_entry_match.666775:0, CAP_NET_ADMIN @ ns_capable struct.vm_area_struct.39266:0, CAP_SYS_RESOURCE @ capable struct.block_device.121823:0, CAP_SYS_ADMIN @ capable struct.task_struct.225134:0, CAP_SYS_RESOURCE @ capable struct.xt_table.706650:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.fs_struct.143622:0, CAP_DAC_READ_SEARCH @ capable struct.sit_net:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.Qdisc_class_ops.589069:0, CAP_NET_ADMIN @ netlink_ns_capable struct.ipv6_pinfo.681916:0, CAP_NET_ADMIN @ ns_capable struct.qstr:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.net.597758:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.sg_fd:0, CAP_SYS_RAWIO @ capable struct.amd_northbridge:0, CAP_SYS_ADMIN @ capable struct.xt_table.666498:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.vfsmount.128217:0,-2, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.packet_command:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.task_struct.111275:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.scsi_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.netlink_dump_control.678256:0, CAP_NET_ADMIN @ netlink_net_capable struct.ip_tunnel:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.xt_match.706918:0, CAP_NET_ADMIN @ ns_capable struct.kuid_t:2, CAP_IPC_OWNER @ ns_capable struct.alarm:0, CAP_WAKE_ALARM @ capable struct.kern_ipc_perm:1, CAP_IPC_LOCK @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.sem_array:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check struct.task_struct.123967:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.signal_struct.46112:0, CAP_IPC_OWNER @ ns_capable struct.pid_namespace.46156:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.rtentry:0, CAP_NET_ADMIN @ ns_capable struct.packet_fanout:0, CAP_NET_RAW @ ns_capable struct.msg_receiver:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_OWNER @ ns_capable inconsistent check 
struct.ipc_ops:0, CAP_IPC_OWNER @ ns_capable struct.netdev_rx_queue.597606:0, CAP_NET_ADMIN @ capable struct.nameidata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.agp_file_private:0, CAP_SYS_RAWIO @ capable struct.k_itimer:0, CAP_WAKE_ALARM @ capable struct.vm_area_struct.111176:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.coredump_params.39304:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.net_device.659168:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.msg_msg:0, CAP_IPC_OWNER @ ns_capable struct.qspinlock:122,102, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.nsproxy.586406:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.ksignal:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.task_struct.39605:0, CAP_SETUID @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_KILL @ ns_capable CAP_SYS_MODULE @ capable CAP_SETUID @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable_noaudit inconsistent check struct.load_info:0, CAP_SYS_MODULE @ capable struct.block_device.100527:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.226825:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable struct.md_rdev:0, CAP_SYS_ADMIN @ capable struct.agp_controller:0, CAP_SYS_RAWIO @ capable struct.tcf_filter_chain_list_item:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.block_device_operations.258127:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.nsproxy.225418:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.uevent_sock:0, CAP_SYS_ADMIN @ netlink_ns_capable struct.tcf_block.606679:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.mm_walk.146388:0, CAP_SYS_ADMIN @ file_ns_capable struct.net.225062:0, CAP_NET_ADMIN @ netlink_net_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check struct.net_device.657285:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.net.630923:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.path.124050:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.block_device.266272:0, CAP_SYS_ADMIN @ capable struct.drm_device_dma.337197:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.fib_config:0, CAP_NET_ADMIN @ ns_capable struct.drm_device.337237:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.uart_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.simple_xattr:0, CAP_SYS_ADMIN @ ns_capable_noaudit struct.Qdisc.589078:0, CAP_NET_ADMIN @ netlink_ns_capable struct.sock.706911:0, CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.cred.583142:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.xt_target.666769:0, CAP_NET_ADMIN @ ns_capable struct.Qdisc_ops.589070:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.sock.224990:0, CAP_NET_ADMIN @ netlink_net_capable struct.netdev_queue.589064:0, CAP_NET_ADMIN @ netlink_ns_capable struct.check_loop_arg:0, CAP_NET_ADMIN @ netlink_ns_capable struct.path.128218:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.nfs4_label:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.perf_event.97674:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.block_device.258298:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.pr_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.147271:0, CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable 
inconsistent check struct.gendisk.100534:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.nsproxy:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.nsproxy.82423:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.task_struct.82466:0, CAP_SYS_ADMIN @ ns_capable Run Analysis, Threads:1 Critical functions Check Use of Function:ring_buffer_lock_reserve Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.89922, %struct.file.89922* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 11 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.89922, %struct.file.89922* %0, 
i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 11 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 ------------- Good: 1397 Bad: 2 Ignored: 3060 Check Use of Function:filter_match_preds Check Use of Function:ring_buffer_write Check Use of Function:udp_abort Check Use of Function:raw_abort Check Use of Function:__netlink_dump_start Check Use of Function:blk_queue_max_discard_sectors Check Use of Function:blk_queue_flag_clear Check Use of Function:efivar_entry_iter_begin Check Use of Function:__efivar_entry_delete Check Use of Function:efivar_validate Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* 
%0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.547321* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %110 %96 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %97 = bitcast %struct.uuid_t* %96 to i64* %98 = load i64, i64* %97, align 1 %99 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %100 = bitcast i8* %99 to i64* %101 = load i64, i64* %100, align 1 %102 = bitcast { i64, i64 }* %4 to i8* %103 = bitcast { i64, i64 }* %5 to i8* %104 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %83, i64* %104, align 8 %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %86, 
i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %98, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %101, i64* %107, align 8 %108 = call i32 @bcmp(i8* nonnull dereferenceable(16) %102, i8* nonnull dereferenceable(16) %103, i64 16) #6 %109 = icmp eq i32 %108, 0 br i1 %109, label %112, label %110 %113 = icmp eq i64 %90, 0 %114 = icmp eq i32 %80, 0 %115 = or i1 %114, %113 br i1 %115, label %116, label %118 %119 = icmp ult i32 %80, 128 br i1 %119, label %120, label %122 %121 = tail call zeroext i1 @efivar_validate(i64 %83, i64 %86, i16* nonnull %87, i8* %91, i64 %90) #70 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to 
i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:efivar_entry_set Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* 
%0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 
store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 br i1 %64, label %67, label %65 %68 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 3, i64 0 %69 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %70 = load i32, i32* %31, align 1 %71 = zext i32 %70 to i64 %72 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 2 store i64 %71, i64* %72, align 1 %73 = load i32, i32* %21, align 1 %74 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 5 store i32 %73, i32* %74, align 1 br label %125 %126 = phi i64 [ %33, %67 ], [ %90, %124 ] %127 = phi i32 [ %22, %67 ], [ %80, %124 ] %128 = phi i8* [ %34, %67 ], [ %91, %124 ] %129 = tail call i32 @efivar_entry_set(%struct.efivar_entry.547321* nonnull %0, i32 %127, i64 %126, i8* %128, %struct.list_head* null) #70 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:efivar_create_sysfs_entry Check Use of Function:super_90_load Check Use of Function:md_alloc Check Use of Function:do_md_stop Check Use of Function:netif_set_xps_queue Check Use of Function:_dev_err Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_common_ioctl 4 
snd_pcm_ioctl ------------- Path:  Function:snd_pcm_ioctl %4 = and i32 %1, 65280 %5 = icmp eq i32 %4, 16640 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_pcm_file** %9 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %9, i64 0, i32 0 %11 = load %struct.snd_pcm_substream.565851*, %struct.snd_pcm_substream.565851** %10, align 8 %12 = inttoptr i64 %2 to i8* %13 = tail call fastcc i32 @snd_pcm_common_ioctl(%struct.file* %0, %struct.snd_pcm_substream.565851* %11, i32 %1, i8* %12) #69 Function:snd_pcm_common_ioctl %5 = alloca %struct.snd_xfern, align 8 %6 = alloca %struct.drm_dma_handle, align 8 %7 = alloca %struct.snd_pcm_sync_ptr, align 8 %8 = alloca %struct.agp_allocate, align 8 %9 = alloca %struct.snd_pcm_status, align 8 %10 = alloca %struct.snd_pcm_status, align 8 %11 = alloca %struct.snd_pcm_sw_params, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.snd_pcm_file** %15 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %14, align 8 %16 = icmp eq %struct.snd_pcm_substream.565851* %1, null br i1 %16, label %1112, label %17, !prof !4 %18 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 11 %19 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %18, align 8 %20 = icmp eq %struct.snd_pcm_runtime.565846* %19, null br i1 %20, label %1112, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 0 %23 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %22, align 8 %24 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %23, i64 0, i32 0 %25 = load %struct.snd_card.565821*, %struct.snd_card.565821** %24, 
align 8 %26 = tail call i32 bitcast (i32 (%struct.snd_card*, i32)* @snd_power_wait to i32 (%struct.snd_card.565821*, i32)*)(%struct.snd_card.565821* %25, i32 0) #69 %27 = icmp slt i32 %26, 0 br i1 %27, label %1112, label %28 switch i32 %2, label %1111 [ i32 -2147204864, label %29 i32 -2128592639, label %34 i32 1074020610, label %1112 i32 1074020611, label %37 i32 1074020612, label %53 i32 -1033879280, label %66 i32 -1033879279, label %85 i32 16658, label %101 i32 -1064812269, label %195 i32 -2137505504, label %206 i32 -1063763676, label %212 i32 -2145894094, label %233 i32 16704, label %283 i32 16705, label %320 i32 16706, label %322 i32 1074020704, label %343 i32 16737, label %477 i32 16711, label %479 i32 16712, label %500 i32 16674, label %529 i32 -2146942687, label %565 i32 -1064812253, label %578 i32 -1056947952, label %725 i32 -1056947951, label %832 i32 16708, label %936 i32 16707, label %938 i32 1074020677, label %974 i32 1075331408, label %997 i32 -2145894063, label %997 i32 1075331410, label %1026 i32 -2145894061, label %1026 i32 1074282822, label %1069 i32 1074282825, label %1090 ] %213 = bitcast %struct.snd_pcm_status* %9 to i8* %215 = getelementptr inbounds i8, i8* %3, i64 92 %216 = bitcast i8* %215 to i32* %217 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %216, i64 4, i64 %214) #6, !srcloc !18 %218 = extractvalue { i32*, i64, i64 } %217, 0 %219 = extractvalue { i32*, i64, i64 } %217, 1 %220 = extractvalue { i32*, i64, i64 } %217, 2 %221 = ptrtoint i32* %218 to i64 %222 = trunc i64 %219 to i32 %223 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %9, i64 0, i32 10 store i32 %222, i32* %223, align 4 %224 = and i64 %221, 4294967295 %225 = icmp eq i64 %224, 0 br i1 %225, label %226, label %231, !prof !7, !misexpect !5 %227 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.565851* nonnull %1, %struct.snd_pcm_status* nonnull %9) #69 
Function:snd_pcm_status %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* nonnull @snd_pcm_link_rwsem) #69 %14 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds 
%struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 1 %57 = bitcast %struct.anon.48* %55 to i8* %58 = bitcast %struct.anon.48* %56 to i8* %59 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.566200*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.565851*)*)(%struct.snd_pcm_substream.565851* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.566200* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.48, 
align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.566195*, %struct.snd_pcm_runtime.566195** %12, align 8 %14 = bitcast %struct.anon.48* %9 to i8* %15 = bitcast %struct.anon.48* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.566200*)*, i64 (%struct.snd_pcm_substream.566200*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.566200* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 
(%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.48* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.48* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds 
%struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.566184*, %struct.snd_pcm.566184** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.566184, %struct.snd_pcm.566184* %114, i64 0, i32 0 %116 = load %struct.snd_card.566176*, %struct.snd_card.566176** %115, align 8 %117 = getelementptr inbounds %struct.snd_card.566176, %struct.snd_card.566176* %116, i64 0, i32 28 %118 = load %struct.device.566169*, %struct.device.566169** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.566169*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.566169*, i8*, ...)*)(%struct.device.566169* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.4.53713, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_common_ioctl 4 snd_pcm_ioctl ------------- Path:  Function:snd_pcm_ioctl %4 = and i32 %1, 65280 %5 = icmp eq i32 %4, 16640 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_pcm_file** %9 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %9, i64 0, i32 0 %11 = load %struct.snd_pcm_substream.565851*, %struct.snd_pcm_substream.565851** %10, align 8 %12 = inttoptr i64 %2 to i8* %13 = tail call fastcc i32 @snd_pcm_common_ioctl(%struct.file* %0, %struct.snd_pcm_substream.565851* %11, i32 %1, i8* %12) #69 Function:snd_pcm_common_ioctl %5 = alloca %struct.snd_xfern, align 8 %6 = alloca %struct.drm_dma_handle, align 8 %7 = alloca %struct.snd_pcm_sync_ptr, align 8 %8 = alloca %struct.agp_allocate, 
align 8 %9 = alloca %struct.snd_pcm_status, align 8 %10 = alloca %struct.snd_pcm_status, align 8 %11 = alloca %struct.snd_pcm_sw_params, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.snd_pcm_file** %15 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %14, align 8 %16 = icmp eq %struct.snd_pcm_substream.565851* %1, null br i1 %16, label %1112, label %17, !prof !4 %18 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 11 %19 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %18, align 8 %20 = icmp eq %struct.snd_pcm_runtime.565846* %19, null br i1 %20, label %1112, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 0 %23 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %22, align 8 %24 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %23, i64 0, i32 0 %25 = load %struct.snd_card.565821*, %struct.snd_card.565821** %24, align 8 %26 = tail call i32 bitcast (i32 (%struct.snd_card*, i32)* @snd_power_wait to i32 (%struct.snd_card.565821*, i32)*)(%struct.snd_card.565821* %25, i32 0) #69 %27 = icmp slt i32 %26, 0 br i1 %27, label %1112, label %28 switch i32 %2, label %1111 [ i32 -2147204864, label %29 i32 -2128592639, label %34 i32 1074020610, label %1112 i32 1074020611, label %37 i32 1074020612, label %53 i32 -1033879280, label %66 i32 -1033879279, label %85 i32 16658, label %101 i32 -1064812269, label %195 i32 -2137505504, label %206 i32 -1063763676, label %212 i32 -2145894094, label %233 i32 16704, label %283 i32 16705, label %320 i32 16706, label %322 i32 1074020704, label %343 i32 16737, label %477 i32 16711, label %479 i32 16712, label %500 i32 16674, label %529 i32 -2146942687, label %565 i32 -1064812253, label %578 i32 -1056947952, label %725 i32 -1056947951, 
label %832 i32 16708, label %936 i32 16707, label %938 i32 1074020677, label %974 i32 1075331408, label %997 i32 -2145894063, label %997 i32 1075331410, label %1026 i32 -2145894061, label %1026 i32 1074282822, label %1069 i32 1074282825, label %1090 ] %213 = bitcast %struct.snd_pcm_status* %9 to i8* %215 = getelementptr inbounds i8, i8* %3, i64 92 %216 = bitcast i8* %215 to i32* %217 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %216, i64 4, i64 %214) #6, !srcloc !18 %218 = extractvalue { i32*, i64, i64 } %217, 0 %219 = extractvalue { i32*, i64, i64 } %217, 1 %220 = extractvalue { i32*, i64, i64 } %217, 2 %221 = ptrtoint i32* %218 to i64 %222 = trunc i64 %219 to i32 %223 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %9, i64 0, i32 10 store i32 %222, i32* %223, align 4 %224 = and i64 %221, 4294967295 %225 = icmp eq i64 %224, 0 br i1 %225, label %226, label %231, !prof !7, !misexpect !5 %227 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.565851* nonnull %1, %struct.snd_pcm_status* nonnull %9) #69 Function:snd_pcm_status %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* nonnull 
@snd_pcm_link_rwsem) #69 %14 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 1 %57 = bitcast 
%struct.anon.48* %55 to i8* %58 = bitcast %struct.anon.48* %56 to i8* %59 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.566200*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.565851*)*)(%struct.snd_pcm_substream.565851* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.566200* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.566195*, %struct.snd_pcm_runtime.566195** %12, align 8 %14 = bitcast %struct.anon.48* %9 to i8* %15 = bitcast %struct.anon.48* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.566200*)*, i64 (%struct.snd_pcm_substream.566200*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.566200* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.48* %3 to i8* call void 
@ktime_get_real_ts64(%struct.anon.48* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.566184*, %struct.snd_pcm.566184** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.566184, %struct.snd_pcm.566184* %114, i64 0, i32 0 %116 = load %struct.snd_card.566176*, %struct.snd_card.566176** %115, align 8 %117 = getelementptr inbounds %struct.snd_card.566176, %struct.snd_card.566176* %116, i64 0, i32 28 %118 = load %struct.device.566169*, %struct.device.566169** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.566169*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.566169*, i8*, ...)*)(%struct.device.566169* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.4.53713, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_common_ioctl 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %583, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.565851*, %struct.snd_pcm_substream.565851** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.565851* %16, null br i1 %17, label %583, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %583 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %400 i32 1074544976, label 
%511 i32 -2146680495, label %515 i32 1074544978, label %519 i32 -2146680493, label %523 i32 -2147204831, label %527 i32 1074020678, label %541 i32 1074020681, label %562 ] %21 = tail call fastcc i32 @snd_pcm_common_ioctl(%struct.file* %0, %struct.snd_pcm_substream.565851* nonnull %16, i32 %1, i8* %9) #69 Function:snd_pcm_common_ioctl %5 = alloca %struct.snd_xfern, align 8 %6 = alloca %struct.drm_dma_handle, align 8 %7 = alloca %struct.snd_pcm_sync_ptr, align 8 %8 = alloca %struct.agp_allocate, align 8 %9 = alloca %struct.snd_pcm_status, align 8 %10 = alloca %struct.snd_pcm_status, align 8 %11 = alloca %struct.snd_pcm_sw_params, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.snd_pcm_file** %15 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %14, align 8 %16 = icmp eq %struct.snd_pcm_substream.565851* %1, null br i1 %16, label %1112, label %17, !prof !4 %18 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 11 %19 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %18, align 8 %20 = icmp eq %struct.snd_pcm_runtime.565846* %19, null br i1 %20, label %1112, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 0 %23 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %22, align 8 %24 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %23, i64 0, i32 0 %25 = load %struct.snd_card.565821*, %struct.snd_card.565821** %24, align 8 %26 = tail call i32 bitcast (i32 (%struct.snd_card*, i32)* @snd_power_wait to i32 (%struct.snd_card.565821*, i32)*)(%struct.snd_card.565821* %25, i32 0) #69 %27 = icmp slt i32 %26, 0 br i1 %27, label %1112, label %28 switch i32 %2, label %1111 [ i32 -2147204864, label %29 i32 -2128592639, label %34 i32 1074020610, label %1112 i32 1074020611, label %37 
i32 1074020612, label %53 i32 -1033879280, label %66 i32 -1033879279, label %85 i32 16658, label %101 i32 -1064812269, label %195 i32 -2137505504, label %206 i32 -1063763676, label %212 i32 -2145894094, label %233 i32 16704, label %283 i32 16705, label %320 i32 16706, label %322 i32 1074020704, label %343 i32 16737, label %477 i32 16711, label %479 i32 16712, label %500 i32 16674, label %529 i32 -2146942687, label %565 i32 -1064812253, label %578 i32 -1056947952, label %725 i32 -1056947951, label %832 i32 16708, label %936 i32 16707, label %938 i32 1074020677, label %974 i32 1075331408, label %997 i32 -2145894063, label %997 i32 1075331410, label %1026 i32 -2145894061, label %1026 i32 1074282822, label %1069 i32 1074282825, label %1090 ] %213 = bitcast %struct.snd_pcm_status* %9 to i8* %215 = getelementptr inbounds i8, i8* %3, i64 92 %216 = bitcast i8* %215 to i32* %217 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %216, i64 4, i64 %214) #6, !srcloc !18 %218 = extractvalue { i32*, i64, i64 } %217, 0 %219 = extractvalue { i32*, i64, i64 } %217, 1 %220 = extractvalue { i32*, i64, i64 } %217, 2 %221 = ptrtoint i32* %218 to i64 %222 = trunc i64 %219 to i32 %223 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %9, i64 0, i32 10 store i32 %222, i32* %223, align 4 %224 = and i64 %221, 4294967295 %225 = icmp eq i64 %224, 0 br i1 %225, label %226, label %231, !prof !7, !misexpect !5 %227 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.565851* nonnull %1, %struct.snd_pcm_status* nonnull %9) #69 Function:snd_pcm_status %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %8 = getelementptr inbounds 
%struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* nonnull @snd_pcm_link_rwsem) #69 %14 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 1 %57 = bitcast %struct.anon.48* %55 to i8* %58 = bitcast %struct.anon.48* %56 to i8* %59 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.566200*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.565851*)*)(%struct.snd_pcm_substream.565851* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.566200* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.566200, 
%struct.snd_pcm_substream.566200* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.566195*, %struct.snd_pcm_runtime.566195** %12, align 8 %14 = bitcast %struct.anon.48* %9 to i8* %15 = bitcast %struct.anon.48* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.566200*)*, i64 (%struct.snd_pcm_substream.566200*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.566200* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.566195, 
%struct.snd_pcm_runtime.566195* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.48* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.48* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.566184*, %struct.snd_pcm.566184** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.566184, %struct.snd_pcm.566184* %114, i64 0, i32 0 %116 = load %struct.snd_card.566176*, %struct.snd_card.566176** %115, align 8 %117 = getelementptr inbounds 
%struct.snd_card.566176, %struct.snd_card.566176* %116, i64 0, i32 28 %118 = load %struct.device.566169*, %struct.device.566169** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.566169*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.566169*, i8*, ...)*)(%struct.device.566169* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.4.53713, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_common_ioctl 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %583, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.565851*, %struct.snd_pcm_substream.565851** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.565851* %16, null br i1 %17, label %583, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %583 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 
i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %400 i32 1074544976, label %511 i32 -2146680495, label %515 i32 1074544978, label %519 i32 -2146680493, label %523 i32 -2147204831, label %527 i32 1074020678, label %541 i32 1074020681, label %562 ] %21 = tail call fastcc i32 @snd_pcm_common_ioctl(%struct.file* %0, %struct.snd_pcm_substream.565851* nonnull %16, i32 %1, i8* %9) #69 Function:snd_pcm_common_ioctl %5 = alloca %struct.snd_xfern, align 8 %6 = alloca %struct.drm_dma_handle, align 8 %7 = alloca %struct.snd_pcm_sync_ptr, align 8 %8 = alloca %struct.agp_allocate, align 8 %9 = alloca %struct.snd_pcm_status, align 8 %10 = alloca %struct.snd_pcm_status, align 8 %11 = alloca %struct.snd_pcm_sw_params, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.snd_pcm_file** %15 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %14, align 8 %16 = icmp eq %struct.snd_pcm_substream.565851* %1, null br i1 %16, label %1112, label %17, !prof !4 %18 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 11 %19 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %18, align 8 %20 = icmp eq %struct.snd_pcm_runtime.565846* %19, null br i1 %20, label %1112, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %1, i64 0, i32 0 %23 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %22, align 8 %24 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %23, i64 0, i32 0 %25 = load %struct.snd_card.565821*, 
%struct.snd_card.565821** %24, align 8 %26 = tail call i32 bitcast (i32 (%struct.snd_card*, i32)* @snd_power_wait to i32 (%struct.snd_card.565821*, i32)*)(%struct.snd_card.565821* %25, i32 0) #69 %27 = icmp slt i32 %26, 0 br i1 %27, label %1112, label %28 switch i32 %2, label %1111 [ i32 -2147204864, label %29 i32 -2128592639, label %34 i32 1074020610, label %1112 i32 1074020611, label %37 i32 1074020612, label %53 i32 -1033879280, label %66 i32 -1033879279, label %85 i32 16658, label %101 i32 -1064812269, label %195 i32 -2137505504, label %206 i32 -1063763676, label %212 i32 -2145894094, label %233 i32 16704, label %283 i32 16705, label %320 i32 16706, label %322 i32 1074020704, label %343 i32 16737, label %477 i32 16711, label %479 i32 16712, label %500 i32 16674, label %529 i32 -2146942687, label %565 i32 -1064812253, label %578 i32 -1056947952, label %725 i32 -1056947951, label %832 i32 16708, label %936 i32 16707, label %938 i32 1074020677, label %974 i32 1075331408, label %997 i32 -2145894063, label %997 i32 1075331410, label %1026 i32 -2145894061, label %1026 i32 1074282822, label %1069 i32 1074282825, label %1090 ] %213 = bitcast %struct.snd_pcm_status* %9 to i8* %215 = getelementptr inbounds i8, i8* %3, i64 92 %216 = bitcast i8* %215 to i32* %217 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %216, i64 4, i64 %214) #6, !srcloc !18 %218 = extractvalue { i32*, i64, i64 } %217, 0 %219 = extractvalue { i32*, i64, i64 } %217, 1 %220 = extractvalue { i32*, i64, i64 } %217, 2 %221 = ptrtoint i32* %218 to i64 %222 = trunc i64 %219 to i32 %223 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %9, i64 0, i32 10 store i32 %222, i32* %223, align 4 %224 = and i64 %221, 4294967295 %225 = icmp eq i64 %224, 0 br i1 %225, label %226, label %231, !prof !7, !misexpect !5 %227 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.565851* nonnull %1, 
%struct.snd_pcm_status* nonnull %9) #69 Function:snd_pcm_status %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.565835*, %struct.snd_pcm.565835** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.565835, %struct.snd_pcm.565835* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* nonnull @snd_pcm_link_rwsem) #69 %14 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = 
getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %7, i64 0, i32 1 %57 = bitcast %struct.anon.48* %55 to i8* %58 = bitcast %struct.anon.48* %56 to i8* %59 = load %struct.snd_pcm_runtime.565846*, %struct.snd_pcm_runtime.565846** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.565846, %struct.snd_pcm_runtime.565846* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.565851, %struct.snd_pcm_substream.565851* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.566200*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.565851*)*)(%struct.snd_pcm_substream.565851* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.566200* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = 
alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.566195*, %struct.snd_pcm_runtime.566195** %12, align 8 %14 = bitcast %struct.anon.48* %9 to i8* %15 = bitcast %struct.anon.48* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.566200*)*, i64 (%struct.snd_pcm_substream.566200*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.566200* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.566190*, %struct.snd_pcm_ops.566190** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.566190, %struct.snd_pcm_ops.566190* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 
(%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.566200*, %struct.anon.48*, %struct.anon.48*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.48* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.48* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds 
%struct.snd_pcm_substream.566200, %struct.snd_pcm_substream.566200* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.566184*, %struct.snd_pcm.566184** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.566184, %struct.snd_pcm.566184* %114, i64 0, i32 0 %116 = load %struct.snd_card.566176*, %struct.snd_card.566176** %115, align 8 %117 = getelementptr inbounds %struct.snd_card.566176, %struct.snd_card.566176* %116, i64 0, i32 28 %118 = load %struct.device.566169*, %struct.device.566169** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.566195, %struct.snd_pcm_runtime.566195* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.566169*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.566169*, i8*, ...)*)(%struct.device.566169* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.4.53713, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #69 ------------- Use: =BAD PATH= Call Stack: 0 __snd_ctl_add 1 snd_ctl_elem_add 2 snd_ctl_ioctl 3 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_ctl_file** %12 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %11, align 8 %13 = icmp eq %struct.snd_ctl_file* %12, null br i1 %13, label %371, label %14, !prof !4 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %12, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %371, label %18, !prof !4, !misexpect !5 switch i32 %1, label %350 [ i32 -2147199744, label %19 i32 -2122820351, label %19 i32 -1073457898, 
label %19 i32 -1073457712, label %19 i32 -2147199535, label %19 i32 1077957908, label %19 i32 1077957909, label %19 i32 -1069525735, label %19 i32 -1073195750, label %19 i32 -1073195749, label %19 i32 -1073195748, label %19 i32 -1069001456, label %21 i32 -1055894255, label %77 i32 -1027320558, label %164 i32 -1027320557, label %280 i32 -1055894249, label %342 i32 -1055894248, label %346 ] %20 = tail call i64 @snd_ctl_ioctl(%struct.file.124204* %0, i32 %1, i64 %8) #69 Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_info, align 8 %6 = alloca %struct.snd_ctl_elem_info, align 8 %7 = alloca %struct.snd_ctl_elem_id, align 4 %8 = alloca %struct.snd_ctl_elem_id, align 4 %9 = alloca %struct.snd_ctl_elem_info, align 8 %10 = inttoptr i64 %2 to i8* %11 = inttoptr i64 %2 to i32* %12 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_ctl_file** %14 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %13, align 8 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %14, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %403, label %18, !prof !4, !misexpect !5 switch i32 %1, label %385 [ i32 -2147199744, label %19 i32 -2122820351, label %23 i32 -1068477168, label %52 i32 -1055894255, label %56 i32 -993503982, label %74 i32 -993503981, label %151 i32 1077957908, label %175 i32 1077957909, label %221 i32 -1055894249, label %269 i32 -1055894248, label %285 i32 -1069525735, label %301 i32 -1073457898, label %310 i32 -1073195750, label %358 i32 -1073195749, label %365 i32 -1073195748, label %372 i32 -1073457712, label %403 i32 -2147199535, label %379 ] %286 = bitcast %struct.snd_ctl_elem_info* %5 to i8* %287 = call i64 @_copy_from_user(i8* nonnull %286, i8* %10, i64 272) #69 %288 = icmp eq i64 %287, 0 br i1 %288, label %289, label %298 
%290 = call fastcc i32 @snd_ctl_elem_add(%struct.snd_ctl_file* %14, %struct.snd_ctl_elem_info* nonnull %5, i32 1) #69 Function:snd_ctl_elem_add %4 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %0, i64 0, i32 1 %5 = load %struct.snd_card.562818*, %struct.snd_card.562818** %4, align 8 %6 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0 %7 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 4, i64 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 0 br i1 %9, label %288, label %10 %11 = tail call i64 @strnlen(i8* %7, i64 44) #69 %12 = icmp ugt i64 %11, 43 br i1 %12, label %288, label %13 %14 = icmp eq i32 %2, 0 br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 0 store i32 0, i32* %16, align 8 %17 = tail call fastcc i32 @snd_ctl_remove_user_ctl(%struct.snd_ctl_file* %0, %struct.snd_ctl_elem_id* %6) #70 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %288 %20 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 17 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, 1 %23 = icmp sgt i32 %22, 32 br i1 %23, label %288, label %24 %25 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 %28 = select i1 %27, i32 1, i32 %26 %29 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 2 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 %32 = and i32 %30, 291 %33 = select i1 %31, i32 3, i32 %32 %34 = shl nuw i32 %33, 23 %35 = and i32 %34, 268435456 %36 = or i32 %33, %35 %37 = or i32 %36, 536870912 %38 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 1 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -1 %41 = icmp ugt i32 %40, 5 br i1 %41, 
label %288, label %42 %43 = icmp eq i32 %39, 3 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 5, i32 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 0 br i1 %47, label %288, label %48 %49 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 3 %50 = load i32, i32* %49, align 8 %51 = icmp eq i32 %50, 0 br i1 %51, label %288, label %52 %53 = zext i32 %39 to i64 %54 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.max_value_counts, i64 0, i64 %53 %55 = load i32, i32* %54, align 4 %56 = icmp ugt i32 %50, %55 br i1 %56, label %288, label %57 %58 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 6 %59 = bitcast %union.anon.74.562822* %58 to [4 x i16]* %60 = bitcast %union.anon.74.562822* %58 to i16* %61 = load i16, i16* %60, align 8 %62 = icmp eq i16 %61, 0 br i1 %62, label %104, label %63 %105 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.value_sizes, i64 0, i64 %53 %106 = load i32, i32* %105, align 4 %107 = mul i32 %106, %50 %108 = zext i32 %107 to i64 %109 = add i32 %28, -1 %110 = icmp ugt i32 %109, 1027 br i1 %110, label %288, label %111 %112 = shl nuw nsw i32 %28, 4 %113 = add nuw nsw i32 %112, 144 %114 = zext i32 %113 to i64 %115 = tail call fastcc i8* @kzalloc.53442(i64 %114, i32 6291648) #69 %116 = bitcast i8* %115 to %struct.snd_kcontrol* %117 = icmp eq i8* %115, null br i1 %117, label %288, label %118 %119 = zext i32 %28 to i64 %120 = and i64 %119, 1 %121 = icmp eq i32 %28, 1 br i1 %121, label %135, label %122 %123 = and i64 %119, 4294967294 br label %124 %125 = phi i64 [ 0, %122 ], [ %132, %124 ] %126 = phi i64 [ %123, %122 ], [ %133, %124 ] %127 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 1 store i32 %37, i32* %127, align 8 %128 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, 
i64 %125, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %128, align 8 %129 = or i64 %125, 1 %130 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 1 store i32 %37, i32* %130, align 8 %131 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %131, align 8 %132 = add nuw nsw i64 %125, 2 %133 = add i64 %126, -2 %134 = icmp eq i64 %133, 0 br i1 %134, label %135, label %124 %136 = phi i64 [ 0, %118 ], [ %132, %124 ] %137 = icmp eq i64 %120, 0 br i1 %137, label %141, label %138 %142 = getelementptr inbounds i8, i8* %115, i64 80 %143 = bitcast i8* %142 to i32* store i32 %28, i32* %143, align 8 %144 = getelementptr inbounds i8, i8* %115, i64 16 %145 = bitcast %struct.snd_ctl_elem_info* %1 to i8* %146 = mul nuw i64 %108, %119 %147 = add i64 %146, 320 %148 = tail call fastcc i8* @kzalloc.53442(i64 %147, i32 6291648) #70 %149 = getelementptr inbounds i8, i8* %115, i64 128 %150 = bitcast i8* %149 to i8** store i8* %148, i8** %150, align 8 %151 = icmp eq i8* %148, null br i1 %151, label %152, label %153 %154 = getelementptr inbounds i8, i8* %115, i64 136 %155 = bitcast i8* %154 to void (%struct.snd_kcontrol*)** store void (%struct.snd_kcontrol*)* @snd_ctl_elem_user_free, void (%struct.snd_kcontrol*)** %155, align 8 %156 = getelementptr inbounds i8, i8* %148, i64 272 %157 = bitcast i8* %156 to %struct.snd_card.562818** store %struct.snd_card.562818* %5, %struct.snd_card.562818** %157, align 8 %158 = getelementptr inbounds i8, i8* %148, i64 68 %159 = bitcast i8* %158 to i32* store i32 0, i32* %159, align 4 %160 = getelementptr i8, i8* %148, i64 320 %161 = getelementptr inbounds i8, i8* %148, i64 280 %162 = bitcast i8* %161 to i8** store i8* %160, i8** %162, align 8 %163 = getelementptr inbounds i8, i8* %148, i64 288 %164 = bitcast i8* %163 to i64* store i64 %108, i64* %164, align 8 %165 = getelementptr inbounds i8, i8* 
%148, i64 64 %166 = bitcast i8* %165 to i32* %167 = load i32, i32* %166, align 8 %168 = icmp eq i32 %167, 3 br i1 %168, label %169, label %220 %170 = getelementptr inbounds i8, i8* %148, i64 152 %171 = bitcast i8* %170 to i64* %172 = getelementptr inbounds i8, i8* %148, i64 160 %173 = bitcast i8* %172 to i32* %174 = load i32, i32* %173, align 8 %175 = icmp ugt i32 %174, 65536 br i1 %175, label %214, label %176 %177 = bitcast i8* %170 to i8** %178 = load i8*, i8** %177, align 8 %179 = zext i32 %174 to i64 %180 = tail call i8* @vmemdup_user(i8* %178, i64 %179) #69 %181 = icmp ugt i8* %180, inttoptr (i64 -4096 to i8*) br i1 %181, label %210, label %182 %183 = getelementptr inbounds i8, i8* %148, i64 80 %184 = bitcast i8* %183 to i32* %185 = load i32, i32* %184, align 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %207, label %187 %188 = load i32, i32* %173, align 8 %189 = zext i32 %188 to i64 br label %190 %191 = phi i32 [ %204, %200 ], [ 0, %187 ] %192 = phi i8* [ %202, %200 ], [ %180, %187 ] %193 = phi i64 [ %203, %200 ], [ %189, %187 ] %194 = tail call i64 @strnlen(i8* %192, i64 %193) #69 %195 = add i64 %194, -1 %196 = icmp ugt i64 %195, 62 %197 = icmp eq i64 %194, %193 %198 = or i1 %197, %196 br i1 %198, label %199, label %200 %201 = add nuw nsw i64 %194, 1 %202 = getelementptr i8, i8* %192, i64 %201 %203 = sub i64 %193, %201 %204 = add nuw i32 %191, 1 %205 = load i32, i32* %184, align 8 %206 = icmp ult i32 %204, %205 br i1 %206, label %190, label %207 %208 = getelementptr inbounds i8, i8* %148, i64 312 %209 = bitcast i8* %208 to i8** store i8* %180, i8** %209, align 8 store i64 0, i64* %171, align 8 br label %220 %221 = load i32, i32* %38, align 8 %222 = icmp eq i32 %221, 3 %223 = getelementptr inbounds i8, i8* %115, i64 88 %224 = bitcast i8* %223 to i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %225 = select i1 %222, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_enum_info, i32 (%struct.snd_kcontrol*, 
%struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_info store i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* %225, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %224, align 8 %226 = and i32 %33, 1 %227 = icmp eq i32 %226, 0 br i1 %227, label %231, label %228 %232 = and i32 %33, 2 %233 = icmp eq i32 %232, 0 br i1 %233, label %237, label %234 %238 = and i32 %33, 32 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240 %244 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 14 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.124156*)*)(%struct.rw_semaphore.124156* %244) #69 %245 = tail call fastcc i32 @__snd_ctl_add(%struct.snd_card.562818* %5, %struct.snd_kcontrol* nonnull %116) #70 Function:__snd_ctl_add %3 = alloca %struct.snd_ctl_elem_id, align 4 %4 = bitcast %struct.snd_ctl_elem_id* %3 to i8* %5 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 1 %6 = bitcast %struct.snd_ctl_elem_id* %5 to i8* %7 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 5 %8 = load i32, i32* %7, align 4 %9 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = xor i32 %10, -1 %12 = icmp ugt i32 %8, %11 br i1 %12, label %96, label %13 %14 = call %struct.snd_kcontrol* @snd_ctl_find_id(%struct.snd_card.562818* %0, %struct.snd_ctl_elem_id* nonnull %3) #69 %15 = icmp eq %struct.snd_kcontrol* %14, null br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 13 %28 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 18 %29 = bitcast %struct.list_head* %28 to %struct.snd_kcontrol** %30 = load %struct.snd_kcontrol*, %struct.snd_kcontrol** %29, align 8 %31 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %30, i64 
0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 %33 = load i32, i32* %27, align 8 br label %34 %35 = phi i32 [ %33, %26 ], [ %60, %59 ] %36 = phi i32 [ 100000, %26 ], [ %61, %59 ] %37 = icmp ult i32 %35, %11 br i1 %37, label %39, label %38 store i32 0, i32* %27, align 8 br label %39 %40 = phi i32 [ %35, %34 ], [ 0, %38 ] br i1 %32, label %66, label %41 %42 = add nuw i32 %40, 1 %43 = add i32 %42, %10 br label %44 %45 = phi %struct.snd_kcontrol* [ %30, %41 ], [ %56, %54 ] %46 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %45, i64 0, i32 1, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, %43 br i1 %48, label %49, label %54 %50 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %45, i64 0, i32 2 %51 = load i32, i32* %50, align 8 %52 = add i32 %51, %47 %53 = icmp ugt i32 %52, %42 br i1 %53, label %59, label %54 %60 = add i32 %52, -1 store i32 %60, i32* %27, align 8 %61 = add nsw i32 %36, -1 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %34 %64 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 28 %65 = load %struct.device.562811*, %struct.device.562811** %64, align 8 call void (%struct.device.562811*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.562811*, i8*, ...)*)(%struct.device.562811* %65, i8* getelementptr inbounds ([38 x i8], [38 x i8]* @.str.7.53440, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 __snd_ctl_add 1 snd_ctl_elem_add 2 snd_ctl_ioctl ------------- Path:  Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_info, align 8 %6 = alloca %struct.snd_ctl_elem_info, align 8 %7 = alloca %struct.snd_ctl_elem_id, align 4 %8 = alloca %struct.snd_ctl_elem_id, align 4 %9 = alloca %struct.snd_ctl_elem_info, align 8 %10 = inttoptr i64 %2 to i8* %11 = inttoptr i64 %2 to i32* %12 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_ctl_file** %14 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %13, align 8 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %14, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %403, label %18, !prof !4, !misexpect !5 switch i32 %1, label %385 [ i32 -2147199744, label %19 i32 -2122820351, label %23 i32 -1068477168, label %52 i32 -1055894255, label %56 i32 -993503982, label %74 i32 -993503981, label %151 i32 1077957908, label %175 i32 1077957909, label %221 i32 -1055894249, label %269 i32 -1055894248, label %285 i32 -1069525735, label %301 i32 -1073457898, label %310 i32 -1073195750, label %358 i32 -1073195749, label %365 i32 -1073195748, label %372 i32 -1073457712, label %403 i32 -2147199535, label %379 ] %286 = bitcast %struct.snd_ctl_elem_info* %5 to i8* %287 = call i64 @_copy_from_user(i8* nonnull %286, i8* %10, i64 272) #69 %288 = icmp eq i64 %287, 0 br i1 %288, label %289, label %298 %290 = call fastcc i32 @snd_ctl_elem_add(%struct.snd_ctl_file* %14, %struct.snd_ctl_elem_info* nonnull %5, i32 1) #69 Function:snd_ctl_elem_add 
%4 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %0, i64 0, i32 1 %5 = load %struct.snd_card.562818*, %struct.snd_card.562818** %4, align 8 %6 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0 %7 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 4, i64 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 0 br i1 %9, label %288, label %10 %11 = tail call i64 @strnlen(i8* %7, i64 44) #69 %12 = icmp ugt i64 %11, 43 br i1 %12, label %288, label %13 %14 = icmp eq i32 %2, 0 br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 0 store i32 0, i32* %16, align 8 %17 = tail call fastcc i32 @snd_ctl_remove_user_ctl(%struct.snd_ctl_file* %0, %struct.snd_ctl_elem_id* %6) #70 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %288 %20 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 17 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, 1 %23 = icmp sgt i32 %22, 32 br i1 %23, label %288, label %24 %25 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 %28 = select i1 %27, i32 1, i32 %26 %29 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 2 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 %32 = and i32 %30, 291 %33 = select i1 %31, i32 3, i32 %32 %34 = shl nuw i32 %33, 23 %35 = and i32 %34, 268435456 %36 = or i32 %33, %35 %37 = or i32 %36, 536870912 %38 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 1 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -1 %41 = icmp ugt i32 %40, 5 br i1 %41, label %288, label %42 %43 = icmp eq i32 %39, 3 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.snd_ctl_elem_info, 
%struct.snd_ctl_elem_info* %1, i64 0, i32 5, i32 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 0 br i1 %47, label %288, label %48 %49 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 3 %50 = load i32, i32* %49, align 8 %51 = icmp eq i32 %50, 0 br i1 %51, label %288, label %52 %53 = zext i32 %39 to i64 %54 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.max_value_counts, i64 0, i64 %53 %55 = load i32, i32* %54, align 4 %56 = icmp ugt i32 %50, %55 br i1 %56, label %288, label %57 %58 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 6 %59 = bitcast %union.anon.74.562822* %58 to [4 x i16]* %60 = bitcast %union.anon.74.562822* %58 to i16* %61 = load i16, i16* %60, align 8 %62 = icmp eq i16 %61, 0 br i1 %62, label %104, label %63 %105 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.value_sizes, i64 0, i64 %53 %106 = load i32, i32* %105, align 4 %107 = mul i32 %106, %50 %108 = zext i32 %107 to i64 %109 = add i32 %28, -1 %110 = icmp ugt i32 %109, 1027 br i1 %110, label %288, label %111 %112 = shl nuw nsw i32 %28, 4 %113 = add nuw nsw i32 %112, 144 %114 = zext i32 %113 to i64 %115 = tail call fastcc i8* @kzalloc.53442(i64 %114, i32 6291648) #69 %116 = bitcast i8* %115 to %struct.snd_kcontrol* %117 = icmp eq i8* %115, null br i1 %117, label %288, label %118 %119 = zext i32 %28 to i64 %120 = and i64 %119, 1 %121 = icmp eq i32 %28, 1 br i1 %121, label %135, label %122 %123 = and i64 %119, 4294967294 br label %124 %125 = phi i64 [ 0, %122 ], [ %132, %124 ] %126 = phi i64 [ %123, %122 ], [ %133, %124 ] %127 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 1 store i32 %37, i32* %127, align 8 %128 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %128, align 8 %129 = or i64 %125, 1 %130 = getelementptr 
%struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 1 store i32 %37, i32* %130, align 8 %131 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %131, align 8 %132 = add nuw nsw i64 %125, 2 %133 = add i64 %126, -2 %134 = icmp eq i64 %133, 0 br i1 %134, label %135, label %124 %136 = phi i64 [ 0, %118 ], [ %132, %124 ] %137 = icmp eq i64 %120, 0 br i1 %137, label %141, label %138 %142 = getelementptr inbounds i8, i8* %115, i64 80 %143 = bitcast i8* %142 to i32* store i32 %28, i32* %143, align 8 %144 = getelementptr inbounds i8, i8* %115, i64 16 %145 = bitcast %struct.snd_ctl_elem_info* %1 to i8* %146 = mul nuw i64 %108, %119 %147 = add i64 %146, 320 %148 = tail call fastcc i8* @kzalloc.53442(i64 %147, i32 6291648) #70 %149 = getelementptr inbounds i8, i8* %115, i64 128 %150 = bitcast i8* %149 to i8** store i8* %148, i8** %150, align 8 %151 = icmp eq i8* %148, null br i1 %151, label %152, label %153 %154 = getelementptr inbounds i8, i8* %115, i64 136 %155 = bitcast i8* %154 to void (%struct.snd_kcontrol*)** store void (%struct.snd_kcontrol*)* @snd_ctl_elem_user_free, void (%struct.snd_kcontrol*)** %155, align 8 %156 = getelementptr inbounds i8, i8* %148, i64 272 %157 = bitcast i8* %156 to %struct.snd_card.562818** store %struct.snd_card.562818* %5, %struct.snd_card.562818** %157, align 8 %158 = getelementptr inbounds i8, i8* %148, i64 68 %159 = bitcast i8* %158 to i32* store i32 0, i32* %159, align 4 %160 = getelementptr i8, i8* %148, i64 320 %161 = getelementptr inbounds i8, i8* %148, i64 280 %162 = bitcast i8* %161 to i8** store i8* %160, i8** %162, align 8 %163 = getelementptr inbounds i8, i8* %148, i64 288 %164 = bitcast i8* %163 to i64* store i64 %108, i64* %164, align 8 %165 = getelementptr inbounds i8, i8* %148, i64 64 %166 = bitcast i8* %165 to i32* %167 = load i32, i32* %166, align 8 %168 = icmp eq i32 %167, 3 br i1 %168, label %169, 
label %220 %170 = getelementptr inbounds i8, i8* %148, i64 152 %171 = bitcast i8* %170 to i64* %172 = getelementptr inbounds i8, i8* %148, i64 160 %173 = bitcast i8* %172 to i32* %174 = load i32, i32* %173, align 8 %175 = icmp ugt i32 %174, 65536 br i1 %175, label %214, label %176 %177 = bitcast i8* %170 to i8** %178 = load i8*, i8** %177, align 8 %179 = zext i32 %174 to i64 %180 = tail call i8* @vmemdup_user(i8* %178, i64 %179) #69 %181 = icmp ugt i8* %180, inttoptr (i64 -4096 to i8*) br i1 %181, label %210, label %182 %183 = getelementptr inbounds i8, i8* %148, i64 80 %184 = bitcast i8* %183 to i32* %185 = load i32, i32* %184, align 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %207, label %187 %188 = load i32, i32* %173, align 8 %189 = zext i32 %188 to i64 br label %190 %191 = phi i32 [ %204, %200 ], [ 0, %187 ] %192 = phi i8* [ %202, %200 ], [ %180, %187 ] %193 = phi i64 [ %203, %200 ], [ %189, %187 ] %194 = tail call i64 @strnlen(i8* %192, i64 %193) #69 %195 = add i64 %194, -1 %196 = icmp ugt i64 %195, 62 %197 = icmp eq i64 %194, %193 %198 = or i1 %197, %196 br i1 %198, label %199, label %200 %201 = add nuw nsw i64 %194, 1 %202 = getelementptr i8, i8* %192, i64 %201 %203 = sub i64 %193, %201 %204 = add nuw i32 %191, 1 %205 = load i32, i32* %184, align 8 %206 = icmp ult i32 %204, %205 br i1 %206, label %190, label %207 %208 = getelementptr inbounds i8, i8* %148, i64 312 %209 = bitcast i8* %208 to i8** store i8* %180, i8** %209, align 8 store i64 0, i64* %171, align 8 br label %220 %221 = load i32, i32* %38, align 8 %222 = icmp eq i32 %221, 3 %223 = getelementptr inbounds i8, i8* %115, i64 88 %224 = bitcast i8* %223 to i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %225 = select i1 %222, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_enum_info, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_info store i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* %225, i32 (%struct.snd_kcontrol*, 
%struct.snd_ctl_elem_info*)** %224, align 8 %226 = and i32 %33, 1 %227 = icmp eq i32 %226, 0 br i1 %227, label %231, label %228 %232 = and i32 %33, 2 %233 = icmp eq i32 %232, 0 br i1 %233, label %237, label %234 %238 = and i32 %33, 32 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240 %244 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 14 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.124156*)*)(%struct.rw_semaphore.124156* %244) #69 %245 = tail call fastcc i32 @__snd_ctl_add(%struct.snd_card.562818* %5, %struct.snd_kcontrol* nonnull %116) #70 Function:__snd_ctl_add %3 = alloca %struct.snd_ctl_elem_id, align 4 %4 = bitcast %struct.snd_ctl_elem_id* %3 to i8* %5 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 1 %6 = bitcast %struct.snd_ctl_elem_id* %5 to i8* %7 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 5 %8 = load i32, i32* %7, align 4 %9 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = xor i32 %10, -1 %12 = icmp ugt i32 %8, %11 br i1 %12, label %96, label %13 %14 = call %struct.snd_kcontrol* @snd_ctl_find_id(%struct.snd_card.562818* %0, %struct.snd_ctl_elem_id* nonnull %3) #69 %15 = icmp eq %struct.snd_kcontrol* %14, null br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 13 %28 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 18 %29 = bitcast %struct.list_head* %28 to %struct.snd_kcontrol** %30 = load %struct.snd_kcontrol*, %struct.snd_kcontrol** %29, align 8 %31 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 %33 = load i32, i32* %27, align 8 br label %34 %35 = phi i32 [ %33, %26 ], [ %60, %59 ] %36 = phi 
i32 [ 100000, %26 ], [ %61, %59 ] %37 = icmp ult i32 %35, %11 br i1 %37, label %39, label %38 store i32 0, i32* %27, align 8 br label %39 %40 = phi i32 [ %35, %34 ], [ 0, %38 ] br i1 %32, label %66, label %41 %42 = add nuw i32 %40, 1 %43 = add i32 %42, %10 br label %44 %45 = phi %struct.snd_kcontrol* [ %30, %41 ], [ %56, %54 ] %46 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %45, i64 0, i32 1, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, %43 br i1 %48, label %49, label %54 %50 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %45, i64 0, i32 2 %51 = load i32, i32* %50, align 8 %52 = add i32 %51, %47 %53 = icmp ugt i32 %52, %42 br i1 %53, label %59, label %54 %60 = add i32 %52, -1 store i32 %60, i32* %27, align 8 %61 = add nsw i32 %36, -1 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %34 %64 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 28 %65 = load %struct.device.562811*, %struct.device.562811** %64, align 8 call void (%struct.device.562811*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.562811*, i8*, ...)*)(%struct.device.562811* %65, i8* getelementptr inbounds ([38 x i8], [38 x i8]* @.str.7.53440, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 __snd_ctl_add 1 snd_ctl_elem_add 2 snd_ctl_ioctl 3 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_ctl_file** %12 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %11, align 8 %13 = icmp eq %struct.snd_ctl_file* %12, null br i1 %13, label %371, label %14, !prof !4 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %12, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %371, label %18, !prof !4, !misexpect !5 switch i32 %1, label %350 [ i32 -2147199744, label %19 i32 -2122820351, label %19 i32 -1073457898, label %19 i32 -1073457712, label %19 i32 -2147199535, label %19 i32 1077957908, label %19 i32 1077957909, label %19 i32 -1069525735, label %19 i32 -1073195750, label %19 i32 -1073195749, label %19 i32 -1073195748, label %19 i32 -1069001456, label %21 i32 -1055894255, label %77 i32 -1027320558, label %164 i32 -1027320557, label %280 i32 -1055894249, label %342 i32 -1055894248, label %346 ] %20 = tail call i64 @snd_ctl_ioctl(%struct.file.124204* %0, i32 %1, i64 %8) #69 Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_info, align 8 %6 = alloca %struct.snd_ctl_elem_info, align 8 %7 = alloca %struct.snd_ctl_elem_id, align 4 %8 = alloca %struct.snd_ctl_elem_id, align 4 %9 = alloca %struct.snd_ctl_elem_info, align 8 %10 = inttoptr i64 
%2 to i8* %11 = inttoptr i64 %2 to i32* %12 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_ctl_file** %14 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %13, align 8 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %14, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %403, label %18, !prof !4, !misexpect !5 switch i32 %1, label %385 [ i32 -2147199744, label %19 i32 -2122820351, label %23 i32 -1068477168, label %52 i32 -1055894255, label %56 i32 -993503982, label %74 i32 -993503981, label %151 i32 1077957908, label %175 i32 1077957909, label %221 i32 -1055894249, label %269 i32 -1055894248, label %285 i32 -1069525735, label %301 i32 -1073457898, label %310 i32 -1073195750, label %358 i32 -1073195749, label %365 i32 -1073195748, label %372 i32 -1073457712, label %403 i32 -2147199535, label %379 ] %286 = bitcast %struct.snd_ctl_elem_info* %5 to i8* %287 = call i64 @_copy_from_user(i8* nonnull %286, i8* %10, i64 272) #69 %288 = icmp eq i64 %287, 0 br i1 %288, label %289, label %298 %290 = call fastcc i32 @snd_ctl_elem_add(%struct.snd_ctl_file* %14, %struct.snd_ctl_elem_info* nonnull %5, i32 1) #69 Function:snd_ctl_elem_add %4 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %0, i64 0, i32 1 %5 = load %struct.snd_card.562818*, %struct.snd_card.562818** %4, align 8 %6 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0 %7 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 4, i64 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 0 br i1 %9, label %288, label %10 %11 = tail call i64 @strnlen(i8* %7, i64 44) #69 %12 = icmp ugt i64 %11, 43 br i1 %12, label %288, label %13 %14 = icmp eq i32 %2, 0 br i1 %14, label %19, label %15 %16 = getelementptr 
inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 0 store i32 0, i32* %16, align 8 %17 = tail call fastcc i32 @snd_ctl_remove_user_ctl(%struct.snd_ctl_file* %0, %struct.snd_ctl_elem_id* %6) #70 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %288 %20 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 17 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, 1 %23 = icmp sgt i32 %22, 32 br i1 %23, label %288, label %24 %25 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 %28 = select i1 %27, i32 1, i32 %26 %29 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 2 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 %32 = and i32 %30, 291 %33 = select i1 %31, i32 3, i32 %32 %34 = shl nuw i32 %33, 23 %35 = and i32 %34, 268435456 %36 = or i32 %33, %35 %37 = or i32 %36, 536870912 %38 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 1 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -1 %41 = icmp ugt i32 %40, 5 br i1 %41, label %288, label %42 %43 = icmp eq i32 %39, 3 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 5, i32 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 0 br i1 %47, label %288, label %48 %49 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 3 %50 = load i32, i32* %49, align 8 %51 = icmp eq i32 %50, 0 br i1 %51, label %288, label %52 %53 = zext i32 %39 to i64 %54 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.max_value_counts, i64 0, i64 %53 %55 = load i32, i32* %54, align 4 %56 = icmp ugt i32 %50, %55 br i1 %56, label %288, label %57 %58 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 
6 %59 = bitcast %union.anon.74.562822* %58 to [4 x i16]* %60 = bitcast %union.anon.74.562822* %58 to i16* %61 = load i16, i16* %60, align 8 %62 = icmp eq i16 %61, 0 br i1 %62, label %104, label %63 %105 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.value_sizes, i64 0, i64 %53 %106 = load i32, i32* %105, align 4 %107 = mul i32 %106, %50 %108 = zext i32 %107 to i64 %109 = add i32 %28, -1 %110 = icmp ugt i32 %109, 1027 br i1 %110, label %288, label %111 %112 = shl nuw nsw i32 %28, 4 %113 = add nuw nsw i32 %112, 144 %114 = zext i32 %113 to i64 %115 = tail call fastcc i8* @kzalloc.53442(i64 %114, i32 6291648) #69 %116 = bitcast i8* %115 to %struct.snd_kcontrol* %117 = icmp eq i8* %115, null br i1 %117, label %288, label %118 %119 = zext i32 %28 to i64 %120 = and i64 %119, 1 %121 = icmp eq i32 %28, 1 br i1 %121, label %135, label %122 %123 = and i64 %119, 4294967294 br label %124 %125 = phi i64 [ 0, %122 ], [ %132, %124 ] %126 = phi i64 [ %123, %122 ], [ %133, %124 ] %127 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 1 store i32 %37, i32* %127, align 8 %128 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %128, align 8 %129 = or i64 %125, 1 %130 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 1 store i32 %37, i32* %130, align 8 %131 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %131, align 8 %132 = add nuw nsw i64 %125, 2 %133 = add i64 %126, -2 %134 = icmp eq i64 %133, 0 br i1 %134, label %135, label %124 %136 = phi i64 [ 0, %118 ], [ %132, %124 ] %137 = icmp eq i64 %120, 0 br i1 %137, label %141, label %138 %142 = getelementptr inbounds i8, i8* %115, i64 80 %143 = bitcast i8* %142 to i32* store i32 %28, i32* %143, align 8 %144 = getelementptr inbounds i8, i8* 
%115, i64 16 %145 = bitcast %struct.snd_ctl_elem_info* %1 to i8* %146 = mul nuw i64 %108, %119 %147 = add i64 %146, 320 %148 = tail call fastcc i8* @kzalloc.53442(i64 %147, i32 6291648) #70 %149 = getelementptr inbounds i8, i8* %115, i64 128 %150 = bitcast i8* %149 to i8** store i8* %148, i8** %150, align 8 %151 = icmp eq i8* %148, null br i1 %151, label %152, label %153 %154 = getelementptr inbounds i8, i8* %115, i64 136 %155 = bitcast i8* %154 to void (%struct.snd_kcontrol*)** store void (%struct.snd_kcontrol*)* @snd_ctl_elem_user_free, void (%struct.snd_kcontrol*)** %155, align 8 %156 = getelementptr inbounds i8, i8* %148, i64 272 %157 = bitcast i8* %156 to %struct.snd_card.562818** store %struct.snd_card.562818* %5, %struct.snd_card.562818** %157, align 8 %158 = getelementptr inbounds i8, i8* %148, i64 68 %159 = bitcast i8* %158 to i32* store i32 0, i32* %159, align 4 %160 = getelementptr i8, i8* %148, i64 320 %161 = getelementptr inbounds i8, i8* %148, i64 280 %162 = bitcast i8* %161 to i8** store i8* %160, i8** %162, align 8 %163 = getelementptr inbounds i8, i8* %148, i64 288 %164 = bitcast i8* %163 to i64* store i64 %108, i64* %164, align 8 %165 = getelementptr inbounds i8, i8* %148, i64 64 %166 = bitcast i8* %165 to i32* %167 = load i32, i32* %166, align 8 %168 = icmp eq i32 %167, 3 br i1 %168, label %169, label %220 %170 = getelementptr inbounds i8, i8* %148, i64 152 %171 = bitcast i8* %170 to i64* %172 = getelementptr inbounds i8, i8* %148, i64 160 %173 = bitcast i8* %172 to i32* %174 = load i32, i32* %173, align 8 %175 = icmp ugt i32 %174, 65536 br i1 %175, label %214, label %176 %177 = bitcast i8* %170 to i8** %178 = load i8*, i8** %177, align 8 %179 = zext i32 %174 to i64 %180 = tail call i8* @vmemdup_user(i8* %178, i64 %179) #69 %181 = icmp ugt i8* %180, inttoptr (i64 -4096 to i8*) br i1 %181, label %210, label %182 %183 = getelementptr inbounds i8, i8* %148, i64 80 %184 = bitcast i8* %183 to i32* %185 = load i32, i32* %184, align 8 %186 = icmp eq i32 
%185, 0 br i1 %186, label %207, label %187 %188 = load i32, i32* %173, align 8 %189 = zext i32 %188 to i64 br label %190 %191 = phi i32 [ %204, %200 ], [ 0, %187 ] %192 = phi i8* [ %202, %200 ], [ %180, %187 ] %193 = phi i64 [ %203, %200 ], [ %189, %187 ] %194 = tail call i64 @strnlen(i8* %192, i64 %193) #69 %195 = add i64 %194, -1 %196 = icmp ugt i64 %195, 62 %197 = icmp eq i64 %194, %193 %198 = or i1 %197, %196 br i1 %198, label %199, label %200 %201 = add nuw nsw i64 %194, 1 %202 = getelementptr i8, i8* %192, i64 %201 %203 = sub i64 %193, %201 %204 = add nuw i32 %191, 1 %205 = load i32, i32* %184, align 8 %206 = icmp ult i32 %204, %205 br i1 %206, label %190, label %207 %208 = getelementptr inbounds i8, i8* %148, i64 312 %209 = bitcast i8* %208 to i8** store i8* %180, i8** %209, align 8 store i64 0, i64* %171, align 8 br label %220 %221 = load i32, i32* %38, align 8 %222 = icmp eq i32 %221, 3 %223 = getelementptr inbounds i8, i8* %115, i64 88 %224 = bitcast i8* %223 to i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %225 = select i1 %222, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_enum_info, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_info store i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* %225, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %224, align 8 %226 = and i32 %33, 1 %227 = icmp eq i32 %226, 0 br i1 %227, label %231, label %228 %232 = and i32 %33, 2 %233 = icmp eq i32 %232, 0 br i1 %233, label %237, label %234 %238 = and i32 %33, 32 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240 %244 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 14 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.124156*)*)(%struct.rw_semaphore.124156* %244) #69 %245 = tail call fastcc i32 @__snd_ctl_add(%struct.snd_card.562818* %5, %struct.snd_kcontrol* nonnull %116) #70 
Function:__snd_ctl_add %3 = alloca %struct.snd_ctl_elem_id, align 4 %4 = bitcast %struct.snd_ctl_elem_id* %3 to i8* %5 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 1 %6 = bitcast %struct.snd_ctl_elem_id* %5 to i8* %7 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 5 %8 = load i32, i32* %7, align 4 %9 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = xor i32 %10, -1 %12 = icmp ugt i32 %8, %11 br i1 %12, label %96, label %13 %14 = call %struct.snd_kcontrol* @snd_ctl_find_id(%struct.snd_card.562818* %0, %struct.snd_ctl_elem_id* nonnull %3) #69 %15 = icmp eq %struct.snd_kcontrol* %14, null br i1 %15, label %26, label %16 %17 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 28 %18 = load %struct.device.562811*, %struct.device.562811** %17, align 8 %19 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 4, i64 0 call void (%struct.device.562811*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.562811*, i8*, ...)*)(%struct.device.562811* %18, i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.6.53446, i64 0, i64 0), i32 %20, i32 %22, i32 %24, i8* %25, i32 %8) #70 ------------- Use: =BAD PATH= Call Stack: 0 __snd_ctl_add 1 snd_ctl_elem_add 2 snd_ctl_ioctl ------------- Path:  Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_info, align 8 %6 = alloca %struct.snd_ctl_elem_info, align 8 %7 = alloca %struct.snd_ctl_elem_id, align 4 %8 = alloca %struct.snd_ctl_elem_id, align 4 %9 = alloca %struct.snd_ctl_elem_info, align 8 %10 = inttoptr i64 %2 to i8* %11 = inttoptr i64 %2 to i32* %12 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_ctl_file** %14 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %13, align 8 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %14, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %403, label %18, !prof !4, !misexpect !5 switch i32 %1, label %385 [ i32 -2147199744, label %19 i32 -2122820351, label %23 i32 -1068477168, label %52 i32 -1055894255, label %56 i32 -993503982, label %74 i32 -993503981, label %151 i32 1077957908, label %175 i32 1077957909, label %221 i32 -1055894249, label %269 i32 -1055894248, label %285 i32 -1069525735, label %301 i32 -1073457898, label %310 i32 -1073195750, label %358 i32 -1073195749, label %365 i32 -1073195748, label %372 i32 -1073457712, label %403 i32 -2147199535, label %379 ] %286 = bitcast %struct.snd_ctl_elem_info* %5 to i8* %287 = call i64 @_copy_from_user(i8* nonnull %286, i8* %10, i64 272) #69 %288 = icmp eq i64 %287, 0 br i1 %288, label %289, label %298 %290 = call fastcc i32 @snd_ctl_elem_add(%struct.snd_ctl_file* %14, %struct.snd_ctl_elem_info* 
nonnull %5, i32 1) #69 Function:snd_ctl_elem_add %4 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %0, i64 0, i32 1 %5 = load %struct.snd_card.562818*, %struct.snd_card.562818** %4, align 8 %6 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0 %7 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 4, i64 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 0 br i1 %9, label %288, label %10 %11 = tail call i64 @strnlen(i8* %7, i64 44) #69 %12 = icmp ugt i64 %11, 43 br i1 %12, label %288, label %13 %14 = icmp eq i32 %2, 0 br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 0, i32 0 store i32 0, i32* %16, align 8 %17 = tail call fastcc i32 @snd_ctl_remove_user_ctl(%struct.snd_ctl_file* %0, %struct.snd_ctl_elem_id* %6) #70 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %288 %20 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 17 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, 1 %23 = icmp sgt i32 %22, 32 br i1 %23, label %288, label %24 %25 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 %28 = select i1 %27, i32 1, i32 %26 %29 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 2 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 %32 = and i32 %30, 291 %33 = select i1 %31, i32 3, i32 %32 %34 = shl nuw i32 %33, 23 %35 = and i32 %34, 268435456 %36 = or i32 %33, %35 %37 = or i32 %36, 536870912 %38 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 1 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -1 %41 = icmp ugt i32 %40, 5 br i1 %41, label %288, label %42 %43 = icmp eq i32 %39, 3 br i1 %43, label %44, label %48 %45 = 
getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 5, i32 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 0 br i1 %47, label %288, label %48 %49 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 3 %50 = load i32, i32* %49, align 8 %51 = icmp eq i32 %50, 0 br i1 %51, label %288, label %52 %53 = zext i32 %39 to i64 %54 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.max_value_counts, i64 0, i64 %53 %55 = load i32, i32* %54, align 4 %56 = icmp ugt i32 %50, %55 br i1 %56, label %288, label %57 %58 = getelementptr inbounds %struct.snd_ctl_elem_info, %struct.snd_ctl_elem_info* %1, i64 0, i32 6 %59 = bitcast %union.anon.74.562822* %58 to [4 x i16]* %60 = bitcast %union.anon.74.562822* %58 to i16* %61 = load i16, i16* %60, align 8 %62 = icmp eq i16 %61, 0 br i1 %62, label %104, label %63 %105 = getelementptr [7 x i32], [7 x i32]* @snd_ctl_elem_add.value_sizes, i64 0, i64 %53 %106 = load i32, i32* %105, align 4 %107 = mul i32 %106, %50 %108 = zext i32 %107 to i64 %109 = add i32 %28, -1 %110 = icmp ugt i32 %109, 1027 br i1 %110, label %288, label %111 %112 = shl nuw nsw i32 %28, 4 %113 = add nuw nsw i32 %112, 144 %114 = zext i32 %113 to i64 %115 = tail call fastcc i8* @kzalloc.53442(i64 %114, i32 6291648) #69 %116 = bitcast i8* %115 to %struct.snd_kcontrol* %117 = icmp eq i8* %115, null br i1 %117, label %288, label %118 %119 = zext i32 %28 to i64 %120 = and i64 %119, 1 %121 = icmp eq i32 %28, 1 br i1 %121, label %135, label %122 %123 = and i64 %119, 4294967294 br label %124 %125 = phi i64 [ 0, %122 ], [ %132, %124 ] %126 = phi i64 [ %123, %122 ], [ %133, %124 ] %127 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 1 store i32 %37, i32* %127, align 8 %128 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %125, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %128, align 8 
%129 = or i64 %125, 1 %130 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 1 store i32 %37, i32* %130, align 8 %131 = getelementptr %struct.snd_kcontrol, %struct.snd_kcontrol* %116, i64 0, i32 10, i64 %129, i32 0 store %struct.snd_ctl_file* %0, %struct.snd_ctl_file** %131, align 8 %132 = add nuw nsw i64 %125, 2 %133 = add i64 %126, -2 %134 = icmp eq i64 %133, 0 br i1 %134, label %135, label %124 %136 = phi i64 [ 0, %118 ], [ %132, %124 ] %137 = icmp eq i64 %120, 0 br i1 %137, label %141, label %138 %142 = getelementptr inbounds i8, i8* %115, i64 80 %143 = bitcast i8* %142 to i32* store i32 %28, i32* %143, align 8 %144 = getelementptr inbounds i8, i8* %115, i64 16 %145 = bitcast %struct.snd_ctl_elem_info* %1 to i8* %146 = mul nuw i64 %108, %119 %147 = add i64 %146, 320 %148 = tail call fastcc i8* @kzalloc.53442(i64 %147, i32 6291648) #70 %149 = getelementptr inbounds i8, i8* %115, i64 128 %150 = bitcast i8* %149 to i8** store i8* %148, i8** %150, align 8 %151 = icmp eq i8* %148, null br i1 %151, label %152, label %153 %154 = getelementptr inbounds i8, i8* %115, i64 136 %155 = bitcast i8* %154 to void (%struct.snd_kcontrol*)** store void (%struct.snd_kcontrol*)* @snd_ctl_elem_user_free, void (%struct.snd_kcontrol*)** %155, align 8 %156 = getelementptr inbounds i8, i8* %148, i64 272 %157 = bitcast i8* %156 to %struct.snd_card.562818** store %struct.snd_card.562818* %5, %struct.snd_card.562818** %157, align 8 %158 = getelementptr inbounds i8, i8* %148, i64 68 %159 = bitcast i8* %158 to i32* store i32 0, i32* %159, align 4 %160 = getelementptr i8, i8* %148, i64 320 %161 = getelementptr inbounds i8, i8* %148, i64 280 %162 = bitcast i8* %161 to i8** store i8* %160, i8** %162, align 8 %163 = getelementptr inbounds i8, i8* %148, i64 288 %164 = bitcast i8* %163 to i64* store i64 %108, i64* %164, align 8 %165 = getelementptr inbounds i8, i8* %148, i64 64 %166 = bitcast i8* %165 to i32* %167 = load i32, i32* %166, align 8 %168 = 
icmp eq i32 %167, 3 br i1 %168, label %169, label %220 %170 = getelementptr inbounds i8, i8* %148, i64 152 %171 = bitcast i8* %170 to i64* %172 = getelementptr inbounds i8, i8* %148, i64 160 %173 = bitcast i8* %172 to i32* %174 = load i32, i32* %173, align 8 %175 = icmp ugt i32 %174, 65536 br i1 %175, label %214, label %176 %177 = bitcast i8* %170 to i8** %178 = load i8*, i8** %177, align 8 %179 = zext i32 %174 to i64 %180 = tail call i8* @vmemdup_user(i8* %178, i64 %179) #69 %181 = icmp ugt i8* %180, inttoptr (i64 -4096 to i8*) br i1 %181, label %210, label %182 %183 = getelementptr inbounds i8, i8* %148, i64 80 %184 = bitcast i8* %183 to i32* %185 = load i32, i32* %184, align 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %207, label %187 %188 = load i32, i32* %173, align 8 %189 = zext i32 %188 to i64 br label %190 %191 = phi i32 [ %204, %200 ], [ 0, %187 ] %192 = phi i8* [ %202, %200 ], [ %180, %187 ] %193 = phi i64 [ %203, %200 ], [ %189, %187 ] %194 = tail call i64 @strnlen(i8* %192, i64 %193) #69 %195 = add i64 %194, -1 %196 = icmp ugt i64 %195, 62 %197 = icmp eq i64 %194, %193 %198 = or i1 %197, %196 br i1 %198, label %199, label %200 %201 = add nuw nsw i64 %194, 1 %202 = getelementptr i8, i8* %192, i64 %201 %203 = sub i64 %193, %201 %204 = add nuw i32 %191, 1 %205 = load i32, i32* %184, align 8 %206 = icmp ult i32 %204, %205 br i1 %206, label %190, label %207 %208 = getelementptr inbounds i8, i8* %148, i64 312 %209 = bitcast i8* %208 to i8** store i8* %180, i8** %209, align 8 store i64 0, i64* %171, align 8 br label %220 %221 = load i32, i32* %38, align 8 %222 = icmp eq i32 %221, 3 %223 = getelementptr inbounds i8, i8* %115, i64 88 %224 = bitcast i8* %223 to i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %225 = select i1 %222, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_enum_info, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)* @snd_ctl_elem_user_info store i32 (%struct.snd_kcontrol*, 
%struct.snd_ctl_elem_info*)* %225, i32 (%struct.snd_kcontrol*, %struct.snd_ctl_elem_info*)** %224, align 8 %226 = and i32 %33, 1 %227 = icmp eq i32 %226, 0 br i1 %227, label %231, label %228 %232 = and i32 %33, 2 %233 = icmp eq i32 %232, 0 br i1 %233, label %237, label %234 %238 = and i32 %33, 32 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240 %244 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %5, i64 0, i32 14 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.124156*)*)(%struct.rw_semaphore.124156* %244) #69 %245 = tail call fastcc i32 @__snd_ctl_add(%struct.snd_card.562818* %5, %struct.snd_kcontrol* nonnull %116) #70 Function:__snd_ctl_add %3 = alloca %struct.snd_ctl_elem_id, align 4 %4 = bitcast %struct.snd_ctl_elem_id* %3 to i8* %5 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 1 %6 = bitcast %struct.snd_ctl_elem_id* %5 to i8* %7 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 5 %8 = load i32, i32* %7, align 4 %9 = getelementptr inbounds %struct.snd_kcontrol, %struct.snd_kcontrol* %1, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = xor i32 %10, -1 %12 = icmp ugt i32 %8, %11 br i1 %12, label %96, label %13 %14 = call %struct.snd_kcontrol* @snd_ctl_find_id(%struct.snd_card.562818* %0, %struct.snd_ctl_elem_id* nonnull %3) #69 %15 = icmp eq %struct.snd_kcontrol* %14, null br i1 %15, label %26, label %16 %17 = getelementptr inbounds %struct.snd_card.562818, %struct.snd_card.562818* %0, i64 0, i32 28 %18 = load %struct.device.562811*, %struct.device.562811** %17, align 8 %19 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.snd_ctl_elem_id, 
%struct.snd_ctl_elem_id* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = getelementptr inbounds %struct.snd_ctl_elem_id, %struct.snd_ctl_elem_id* %3, i64 0, i32 4, i64 0 call void (%struct.device.562811*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.562811*, i8*, ...)*)(%struct.device.562811* %18, i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.6.53446, i64 0, i64 0), i32 %20, i32 %22, i32 %24, i8* %25, i32 %8) #70 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_highest_perf ------------- Path:  Function:show_highest_perf %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr 
inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3 %29 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to 
%struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, 
%struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 %99 = tail call fastcc i32 @send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc 
!5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_lowest_perf ------------- Path:  Function:show_lowest_perf %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3 %29 = 
getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to %struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* 
%30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 %99 = tail call fastcc i32 
@send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast 
i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_lowest_nonlinear_perf ------------- Path:  Function:show_lowest_nonlinear_perf %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 
3 %29 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to %struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, 
%struct.cpc_register_resource* %30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 
%99 = tail call fastcc i32 @send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** 
%65, align 8 %67 = bitcast i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_nominal_perf ------------- Path:  Function:show_nominal_perf %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3 %29 = 
getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to %struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* 
%30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 %99 = tail call fastcc i32 
@send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast 
i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_nominal_freq ------------- Path:  Function:show_nominal_freq %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3 %29 = 
getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to %struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* 
%30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 %99 = tail call fastcc i32 
@send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast 
i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_caps 3 show_lowest_freq ------------- Path:  Function:show_lowest_freq %4 = alloca %struct.mmap_arg_struct32, align 4 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.mmap_arg_struct32* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_caps(i32 %9, %struct.mmap_arg_struct32* nonnull %4) #69 Function:cppc_get_perf_caps %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = sext i32 %0 to i64 %10 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %9 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %13 = inttoptr i64 %12 to %struct.cpc_desc** %14 = load %struct.cpc_desc*, %struct.cpc_desc** %13, align 8 %15 = bitcast i64* %3 to i8* %16 = bitcast i64* %4 to i8* %17 = bitcast i64* %5 to i8* %18 = bitcast i64* %6 to i8* %19 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %20 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 %21 = add i64 %11, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq %struct.cpc_desc* %14, null br i1 %24, label %199, label %25 %26 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5 %27 = getelementptr [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0 %28 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3 %29 = 
getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2 %30 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1 %31 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19 %32 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20 %33 = getelementptr inbounds [21 x %struct.cpc_register_resource], [21 x %struct.cpc_register_resource]* %26, i64 0, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 3 br i1 %35, label %36, label %42 %37 = getelementptr inbounds %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 0, i32 2 %38 = bitcast %union.anon.62.306808* %37 to %struct.cpc_reg* %39 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %38, i64 0, i32 2 %40 = load i8, i8* %39, align 1 %41 = icmp eq i8 %40, 10 br i1 %41, label %92, label %42 %43 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %28, i64 0, i32 0 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 3 br i1 %45, label %46, label %52 %47 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 3, i32 2 %48 = bitcast %union.anon.62.306808* %47 to %struct.cpc_reg* %49 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %48, i64 0, i32 2 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 10 br i1 %51, label %92, label %52 %53 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %29, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 3 br i1 %55, label %56, label %62 %57 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 2, i32 2 %58 = bitcast %union.anon.62.306808* %57 to %struct.cpc_reg* %59 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %58, i64 0, i32 2 %60 = load i8, i8* %59, align 1 %61 = icmp eq i8 %60, 10 br i1 %61, label %92, label %62 %63 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* 
%30, i64 0, i32 0 %64 = load i32, i32* %63, align 8 %65 = icmp eq i32 %64, 3 br i1 %65, label %66, label %72 %67 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 1, i32 2 %68 = bitcast %union.anon.62.306808* %67 to %struct.cpc_reg* %69 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %68, i64 0, i32 2 %70 = load i8, i8* %69, align 1 %71 = icmp eq i8 %70, 10 br i1 %71, label %92, label %72 %73 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %31, i64 0, i32 0 %74 = load i32, i32* %73, align 8 %75 = icmp eq i32 %74, 3 br i1 %75, label %76, label %82 %77 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 19, i32 2 %78 = bitcast %union.anon.62.306808* %77 to %struct.cpc_reg* %79 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %78, i64 0, i32 2 %80 = load i8, i8* %79, align 1 %81 = icmp eq i8 %80, 10 br i1 %81, label %92, label %82 %83 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %32, i64 0, i32 0 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 3 br i1 %85, label %86, label %101 %87 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %14, i64 0, i32 5, i64 20, i32 2 %88 = bitcast %union.anon.62.306808* %87 to %struct.cpc_reg* %89 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %88, i64 0, i32 2 %90 = load i8, i8* %89, align 1 %91 = icmp eq i8 %90, 10 br i1 %91, label %92, label %101 %93 = icmp slt i32 %23, 0 br i1 %93, label %199, label %94 %95 = zext i32 %23 to i64 %96 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %95 %97 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %96, align 8 %98 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %97, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %98) #69 %99 = tail call fastcc i32 
@send_pcc_cmd(i32 %23, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast 
i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_ctrs 3 show_feedback_ctrs ------------- Path:  Function:show_feedback_ctrs %4 = alloca %struct.sched_info, align 8 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.sched_info* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_ctrs(i32 %9, %struct.sched_info* nonnull %4) #69 Function:cppc_get_perf_ctrs %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = sext i32 %0 to i64 %8 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %7 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %11 = inttoptr i64 %10 to %struct.cpc_desc** %12 = load %struct.cpc_desc*, %struct.cpc_desc** %11, align 8 %13 = add i64 %9, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %14 = inttoptr i64 %13 to i32* %15 = load i32, i32* %14, align 4 %16 = bitcast i64* %3 to i8* %17 = bitcast i64* %4 to i8* %18 = bitcast i64* %5 to i8* %19 = bitcast i64* %6 to i8* %20 = icmp eq %struct.cpc_desc* %12, null br i1 %20, label %161, label %21 %22 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12 %23 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11 %24 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18 %25 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10 %26 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %24, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = icmp eq 
i32 %27, 1 %29 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18, i32 2 br i1 %28, label %30, label %34 %31 = getelementptr %union.anon.62.306808, %union.anon.62.306808* %29, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %55, label %57 %58 = phi %struct.cpc_register_resource* [ %24, %30 ], [ %56, %55 ], [ %24, %51 ], [ %24, %47 ], [ %24, %43 ], [ %24, %39 ], [ %24, %34 ] %59 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %22, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = icmp eq i32 %60, 3 br i1 %61, label %62, label %68 %63 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12, i32 2 %64 = bitcast %union.anon.62.306808* %63 to %struct.cpc_reg* %65 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %64, i64 0, i32 2 %66 = load i8, i8* %65, align 1 %67 = icmp eq i8 %66, 10 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %23, i64 0, i32 0 %70 = load i32, i32* %69, align 8 %71 = icmp eq i32 %70, 3 br i1 %71, label %72, label %78 %73 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11, i32 2 %74 = bitcast %union.anon.62.306808* %73 to %struct.cpc_reg* %75 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %74, i64 0, i32 2 %76 = load i8, i8* %75, align 1 %77 = icmp eq i8 %76, 10 br i1 %77, label %98, label %78 %79 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %25, i64 0, i32 0 %80 = load i32, i32* %79, align 8 %81 = icmp eq i32 %80, 3 br i1 %81, label %82, label %88 %83 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10, i32 2 %84 = bitcast %union.anon.62.306808* %83 to %struct.cpc_reg* %85 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %84, i64 0, i32 2 %86 = load i8, i8* %85, align 1 %87 = icmp eq i8 %86, 10 br i1 %87, label %98, 
label %88 %89 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 0 %90 = load i32, i32* %89, align 8 %91 = icmp eq i32 %90, 3 br i1 %91, label %92, label %107 %93 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 2 %94 = bitcast %union.anon.62.306808* %93 to %struct.cpc_reg* %95 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %94, i64 0, i32 2 %96 = load i8, i8* %95, align 1 %97 = icmp eq i8 %96, 10 br i1 %97, label %98, label %107 %99 = icmp slt i32 %15, 0 br i1 %99, label %161, label %100 %101 = zext i32 %15 to i64 %102 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %101 %103 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %102, align 8 %104 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %103, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %104) #69 %105 = tail call fastcc i32 @send_pcc_cmd(i32 %15, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, 
label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label 
%15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_ctrs 3 show_reference_perf ------------- Path:  Function:show_reference_perf %4 = alloca %struct.sched_info, align 8 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.sched_info* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_ctrs(i32 %9, %struct.sched_info* nonnull %4) #69 Function:cppc_get_perf_ctrs %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = sext i32 %0 to i64 %8 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %7 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %11 = inttoptr i64 %10 to %struct.cpc_desc** %12 = load %struct.cpc_desc*, %struct.cpc_desc** %11, align 8 %13 = add i64 %9, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %14 = inttoptr i64 %13 to i32* %15 = load i32, i32* %14, align 4 %16 = bitcast i64* %3 to i8* %17 = bitcast i64* %4 to i8* %18 = bitcast i64* %5 to i8* %19 = bitcast i64* %6 to 
i8* %20 = icmp eq %struct.cpc_desc* %12, null br i1 %20, label %161, label %21 %22 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12 %23 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11 %24 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18 %25 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10 %26 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %24, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 %29 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18, i32 2 br i1 %28, label %30, label %34 %31 = getelementptr %union.anon.62.306808, %union.anon.62.306808* %29, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %55, label %57 %58 = phi %struct.cpc_register_resource* [ %24, %30 ], [ %56, %55 ], [ %24, %51 ], [ %24, %47 ], [ %24, %43 ], [ %24, %39 ], [ %24, %34 ] %59 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %22, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = icmp eq i32 %60, 3 br i1 %61, label %62, label %68 %63 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12, i32 2 %64 = bitcast %union.anon.62.306808* %63 to %struct.cpc_reg* %65 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %64, i64 0, i32 2 %66 = load i8, i8* %65, align 1 %67 = icmp eq i8 %66, 10 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %23, i64 0, i32 0 %70 = load i32, i32* %69, align 8 %71 = icmp eq i32 %70, 3 br i1 %71, label %72, label %78 %73 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11, i32 2 %74 = bitcast %union.anon.62.306808* %73 to %struct.cpc_reg* %75 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %74, i64 0, i32 2 %76 = load i8, i8* %75, align 1 %77 = 
icmp eq i8 %76, 10 br i1 %77, label %98, label %78 %79 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %25, i64 0, i32 0 %80 = load i32, i32* %79, align 8 %81 = icmp eq i32 %80, 3 br i1 %81, label %82, label %88 %83 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10, i32 2 %84 = bitcast %union.anon.62.306808* %83 to %struct.cpc_reg* %85 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %84, i64 0, i32 2 %86 = load i8, i8* %85, align 1 %87 = icmp eq i8 %86, 10 br i1 %87, label %98, label %88 %89 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 0 %90 = load i32, i32* %89, align 8 %91 = icmp eq i32 %90, 3 br i1 %91, label %92, label %107 %93 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 2 %94 = bitcast %union.anon.62.306808* %93 to %struct.cpc_reg* %95 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %94, i64 0, i32 2 %96 = load i8, i8* %95, align 1 %97 = icmp eq i8 %96, 10 br i1 %97, label %98, label %107 %99 = icmp slt i32 %15, 0 br i1 %99, label %161, label %100 %101 = zext i32 %15 to i64 %102 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %101 %103 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %102, align 8 %104 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %103, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %104) #69 %105 = tail call fastcc i32 @send_pcc_cmd(i32 %15, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds 
%struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, 
%struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label %15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 mbox_send_message 1 send_pcc_cmd 2 cppc_get_perf_ctrs 3 show_wraparound_time ------------- Path:  Function:show_wraparound_time %4 = alloca %struct.sched_info, align 8 %5 = getelementptr %struct.kobject, %struct.kobject* %0, i64 -12, i32 3 %6 = bitcast %struct.sched_info* %4 to i8* %7 = getelementptr inbounds %struct.kset*, %struct.kset** %5, i64 1 %8 = bitcast %struct.kset** %7 to i32* %9 = load i32, i32* %8, align 8 %10 = call i32 @cppc_get_perf_ctrs(i32 %9, %struct.sched_info* nonnull %4) #69 Function:cppc_get_perf_ctrs %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = sext i32 %0 to i64 %8 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %7 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, ptrtoint (%struct.cpc_desc** @cpc_desc_ptr to i64) %11 = inttoptr i64 %10 to %struct.cpc_desc** %12 = load %struct.cpc_desc*, %struct.cpc_desc** %11, align 8 %13 = add i64 %9, ptrtoint (i32* @cpu_pcc_subspace_idx to i64) %14 = inttoptr i64 %13 to i32* %15 = load i32, i32* %14, align 4 %16 = bitcast i64* %3 to i8* %17 = bitcast i64* %4 to i8* %18 = bitcast i64* %5 to i8* %19 = bitcast i64* %6 to i8* %20 = icmp eq %struct.cpc_desc* %12, null br i1 %20, label %161, label %21 %22 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12 %23 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11 %24 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18 %25 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10 %26 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %24, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = icmp 
eq i32 %27, 1 %29 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 18, i32 2 br i1 %28, label %30, label %34 %31 = getelementptr %union.anon.62.306808, %union.anon.62.306808* %29, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %55, label %57 %58 = phi %struct.cpc_register_resource* [ %24, %30 ], [ %56, %55 ], [ %24, %51 ], [ %24, %47 ], [ %24, %43 ], [ %24, %39 ], [ %24, %34 ] %59 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %22, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = icmp eq i32 %60, 3 br i1 %61, label %62, label %68 %63 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 12, i32 2 %64 = bitcast %union.anon.62.306808* %63 to %struct.cpc_reg* %65 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %64, i64 0, i32 2 %66 = load i8, i8* %65, align 1 %67 = icmp eq i8 %66, 10 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %23, i64 0, i32 0 %70 = load i32, i32* %69, align 8 %71 = icmp eq i32 %70, 3 br i1 %71, label %72, label %78 %73 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 11, i32 2 %74 = bitcast %union.anon.62.306808* %73 to %struct.cpc_reg* %75 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %74, i64 0, i32 2 %76 = load i8, i8* %75, align 1 %77 = icmp eq i8 %76, 10 br i1 %77, label %98, label %78 %79 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %25, i64 0, i32 0 %80 = load i32, i32* %79, align 8 %81 = icmp eq i32 %80, 3 br i1 %81, label %82, label %88 %83 = getelementptr %struct.cpc_desc, %struct.cpc_desc* %12, i64 0, i32 5, i64 10, i32 2 %84 = bitcast %union.anon.62.306808* %83 to %struct.cpc_reg* %85 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %84, i64 0, i32 2 %86 = load i8, i8* %85, align 1 %87 = icmp eq i8 %86, 10 br i1 %87, label %98, 
label %88 %89 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 0 %90 = load i32, i32* %89, align 8 %91 = icmp eq i32 %90, 3 br i1 %91, label %92, label %107 %93 = getelementptr inbounds %struct.cpc_register_resource, %struct.cpc_register_resource* %58, i64 0, i32 2 %94 = bitcast %union.anon.62.306808* %93 to %struct.cpc_reg* %95 = getelementptr inbounds %struct.cpc_reg, %struct.cpc_reg* %94, i64 0, i32 2 %96 = load i8, i8* %95, align 1 %97 = icmp eq i8 %96, 10 br i1 %97, label %98, label %107 %99 = icmp slt i32 %15, 0 br i1 %99, label %161, label %100 %101 = zext i32 %15 to i64 %102 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %101 %103 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %102, align 8 %104 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %103, i64 0, i32 10 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore*)*)(%struct.rw_semaphore* %104) #69 %105 = tail call fastcc i32 @send_pcc_cmd(i32 %15, i16 zeroext 0) #70 Function:send_pcc_cmd %3 = alloca i16, align 2 store i16 %1, i16* %3, align 2 %4 = sext i32 %0 to i64 %5 = getelementptr [256 x %struct.cppc_pcc_data*], [256 x %struct.cppc_pcc_data*]* @pcc_data, i64 0, i64 %4 %6 = load %struct.cppc_pcc_data*, %struct.cppc_pcc_data** %5, align 8 %7 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 1 %8 = bitcast i8** %7 to %struct.perf_event_header** %9 = load %struct.perf_event_header*, %struct.perf_event_header** %8, align 8 %10 = icmp eq i16 %1, 0 %11 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 7 br i1 %10, label %12, label %20 %13 = load i8, i8* %11, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %18 = tail call fastcc i32 @check_pcc_chan(i32 %0, i1 zeroext false) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %21, 
label %90 %22 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25 %38 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 4 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %61, label %41 %62 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 1 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 %1, i16* %62) #6, !srcloc !5 %63 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %9, i64 0, i32 2 tail call void asm sideeffect "movw $0,$1", "r,*m,~{dirflag},~{fpsr},~{flags}"(i16 0, i16* %63) #6, !srcloc !5 %64 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 8 store i8 1, i8* %64, align 1 %65 = getelementptr inbounds %struct.cppc_pcc_data, %struct.cppc_pcc_data* %6, i64 0, i32 0 %66 = load %struct.mbox_chan*, %struct.mbox_chan** %65, align 8 %67 = bitcast i16* %3 to i8* %68 = call i32 bitcast (i32 (%struct.mbox_chan.560446*, i8*)* @mbox_send_message to i32 (%struct.mbox_chan*, i8*)*)(%struct.mbox_chan* %66, i8* nonnull %67) #70 Function:mbox_send_message %3 = icmp eq %struct.mbox_chan.560446* %0, null br i1 %3, label %63, label %4 %5 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 2 %6 = load %struct.mbox_client.560445*, %struct.mbox_client.560445** %5, align 8 %7 = icmp eq %struct.mbox_client.560445* %6, null br i1 %7, label %63, label %8 %9 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 8, i32 0, i32 0 %10 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #69 %11 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 20 br i1 %13, label %14, label 
%15 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %10) #69 br label %28 %29 = phi i32 [ -105, %14 ], [ %17, %24 ] %30 = getelementptr inbounds %struct.mbox_chan.560446, %struct.mbox_chan.560446* %0, i64 0, i32 0 %31 = load %struct.mbox_controller.560444*, %struct.mbox_controller.560444** %30, align 8 %32 = getelementptr inbounds %struct.mbox_controller.560444, %struct.mbox_controller.560444* %31, i64 0, i32 0 %33 = load %struct.device.560441*, %struct.device.560441** %32, align 8 tail call void (%struct.device.560441*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.560441*, i8*, ...)*)(%struct.device.560441* %33, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.2.53235, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 
x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, 
%struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.531677, %struct.device.531677* %0, i64 0, i32 9 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.531678* %1 to i64 %8 = sub i64 %7, ptrtoint ([67 x %struct.device_attribute.531678]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 58 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.531777* %26 = call i32 bitcast (i32 (%struct.power_supply.531606*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.531777*, i32, %struct.dev_archdata*)*)(%struct.power_supply.531777* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.531678, %struct.device_attribute.531678* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.531677*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.531677*, i8*, ...)*)(%struct.device.531677* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.97.49312, i64 0, i64 0), i8* %35, i64 %27) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_delete_device ------------- Path:  Function:i2c_sysfs_delete_device %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.48857, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #69 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 %13 = icmp eq i32 %9, 1 %14 = load i8, i8* %6, align 1 %15 = icmp eq i8 %14, 10 %16 = or i1 %13, %15 br i1 %16, label %18, label %17 call void (%struct.device.527852*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.52.48859, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.54.48856, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.527900, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i32* %7 to %struct.i2c_adapter.527894* %9 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 tail call void (%struct.device.527852*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.49.48864, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.48862, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.527900, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i32* %7 to %struct.i2c_adapter.527894* %9 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 tail call void (%struct.device.527852*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.48.48863, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.48862, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_delete_device ------------- Path:  Function:i2c_sysfs_delete_device %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.48857, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #69 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 call void (%struct.device.527852*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.51.48858, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.54.48856, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.527900, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i32* %7 to %struct.i2c_adapter.527894* %9 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.48857, i64 0, i64 0), i16* %21, i8* nonnull %6) #69 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 call void (%struct.device.527852*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.51.48858, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.48862, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.527900, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.527852, %struct.device.527852* %0, i64 -1, i32 28 %8 = bitcast i32* %7 to %struct.i2c_adapter.527894* %9 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info.527900, %struct.i2c_board_info.527900* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.48857, i64 0, i64 0), i16* %21, i8* nonnull %6) #69 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device.527852*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.527852*, i8*, ...)*)(%struct.device.527852* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.52.48859, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.48862, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds i8, i8* %4, i64 6352 %11 = bitcast i8* %10 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds i8, i8* %4, i64 6352 %19 = bitcast i8* %18 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = bitcast i8* %5 to %struct.hid_device* %7 = getelementptr inbounds i8, i8* %5, i64 6504 %8 = bitcast i8* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %15 = getelementptr inbounds i8, i8* %9, i64 8 %16 = bitcast i8* %15 to %struct.lg4ff_device_entry** %17 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %16, align 8 %18 = icmp eq %struct.lg4ff_device_entry* %17, null br i1 %18, label %19, label %22 %20 = getelementptr inbounds i8, i8* %5, i64 6352 %21 = bitcast i8* %20 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %21, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds i8, i8* %4, i64 6352 %11 = bitcast i8* %10 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = bitcast i8* %5 to %struct.hid_device* %7 = getelementptr inbounds i8, i8* %5, i64 6504 %8 = bitcast i8* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %12 = getelementptr inbounds i8, i8* %5, i64 6352 %13 = bitcast i8* %12 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %13, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds i8, i8* %5, i64 6504 %9 = bitcast i8* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds i8, i8* %5, i64 6352 %22 = bitcast i8* %21 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = bitcast i8* %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds i8, i8* %5, i64 6504 %10 = bitcast i8* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %14 = getelementptr inbounds i8, i8* %5, i64 6352 %15 = bitcast i8* %14 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %15, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds i8, i8* %4, i64 6352 %19 = bitcast i8* %18 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds i8, i8* %4, i64 6352 %11 = bitcast i8* %10 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds i8, i8* %4, i64 6352 %19 = bitcast i8* %18 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = bitcast i8* %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds i8, i8* %5, i64 6504 %10 = bitcast i8* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds i8, i8* %5, i64 6352 %23 = bitcast i8* %22 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds i8, i8* %4, i64 6352 %30 = bitcast i8* %29 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.52774, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds i8, i8* %4, i64 6352 %11 = bitcast i8* %10 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds i8, i8* %5, i64 6504 %9 = bitcast i8* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %13 = getelementptr inbounds i8, i8* %5, i64 6352 %14 = bitcast i8* %13 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %14, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.52752, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds i8, i8* %4, i64 6352 %19 = bitcast i8* %18 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.52753, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.302068, %struct.device.302068* %0, i64 -9, i32 11, i32 7 %5 = getelementptr inbounds i8, i8* %4, i64 6504 %6 = bitcast i8* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds i8, i8* %4, i64 6352 %30 = bitcast i8* %29 to %struct.device.302068* tail call void (%struct.device.302068*, i8*, ...) 
bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.302068*, i8*, ...)*)(%struct.device.302068* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.52774, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device.14383* %0 to %struct.pnp_dev.308797* %11 = getelementptr inbounds %struct.pnp_dev.308797, %struct.pnp_dev.308797* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #69 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.10.29247, i64 0, i64 0), i64 7) #70 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.308492*)* @pnp_disable_dev to i32 (%struct.pnp_dev.308797*)*)(%struct.pnp_dev.308797* %10) #69 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.308492, %struct.pnp_dev.308492* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.308492, %struct.pnp_dev.308492* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.308482*, %struct.pnp_protocol.308482** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.308482, %struct.pnp_protocol.308482* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.308492*)*, i32 (%struct.pnp_dev.308492*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.308492*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.308492, %struct.pnp_dev.308492* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 
32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %28 = tail call i32 %9(%struct.pnp_dev.308492* %0) #69 %29 = icmp slt i32 %28, 0 %30 = getelementptr inbounds %struct.pnp_dev.308492, %struct.pnp_dev.308492* %0, i64 0, i32 0 br i1 %29, label %31, label %32 tail call void (%struct.device.16878*, i8*, ...) bitcast (void (%struct.device.454115*, i8*, ...)* @_dev_err to void (%struct.device.16878*, i8*, ...)*)(%struct.device.16878* %30, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.8.29145, i64 0, i64 0)) #69 ------------- Good: 4957 Bad: 107 Ignored: 7308 Check Use of Function:ring_buffer_event_data Check Use of Function:dev_mc_del Check Use of Function:__icmp_send Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 39 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 7 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = 
sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds 
%struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.631313*, %struct.net_device.631313** %78, align 8 %80 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.630923*, %struct.net.630923** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.630923* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.631221* %0, i32* null) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void bitcast (void (%struct.sk_buff.650904*, i32, i32, i32, %struct.ip_options*)* @__icmp_send to void (%struct.sk_buff.631221*, i32, i32, i32, %struct.ip_options*)*)(%struct.sk_buff.631221* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #69 ------------- Good: 14 Bad: 1 Ignored: 46 Check Use of Function:dev_uc_del Check Use of Function:rtnl_fdb_notify Check Use of Function:shmem_lock Check Use of Function:shmem_unlock_mapping Check Use of Function:ipv6_chk_addr_and_flags Check Use of Function:ipv6_chk_prefix Check Use of Function:ata_cmd_ioctl Check Use of Function:ata_task_ioctl Check Use of Function:scsi_autopm_get_host Check Use of Function:user_path_mountpoint_at Check Use of Function:scsi_init_command Check Use of Function:__starget_for_each_device Check Use of Function:scsi_put_command Check Use of Function:loop_info64_to_compat Check Use of Function:dm_issue_global_event Check Use of Function:cn_netlink_send Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __se_sys_prctl 2 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_prctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_prctl %6 = alloca [46 x i64], align 16 %7 = alloca [16 x i8], align 16 %8 = trunc i64 %0 to i32 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 0 %11 = tail call i32 @security_task_prctl(i32 %8, i64 %1, i64 %2, i64 %3, i64 %4) #69 %12 = icmp eq i32 %11, -38 br i1 %12, label %15, label %13 switch i32 %8, label %452 [ i32 1, label %16 i32 2, label %21 i32 3, label %27 i32 4, label %33 i32 53, label %446 i32 52, label %439 i32 44, label %434 i32 43, label %429 i32 41, label %408 i32 42, label %396 i32 13, label %39 i32 14, label %40 i32 15, label %43 i32 16, label %49 i32 39, label %387 i32 38, label %378 i32 21, label %54 i32 22, label %56 i32 25, label %59 i32 26, label %62 i32 31, label %66 i32 32, label %69 i32 30, label %72 i32 29, label %75 i32 33, label %83 i32 34, label %103 i32 35, label %117 i32 37, label %368 i32 36, label %358 ] %44 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 15 store i8 0, i8* %44, align 1 %45 = inttoptr i64 %1 to i8* %46 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %45, i64 15) #69 %47 = icmp slt i64 %46, 0 br i1 %47, label %454, label %48 call void @__set_task_comm(%struct.task_struct.39605* %9, i8* nonnull %10, i1 zeroext false) #69 call void bitcast 
(void (%struct.task_struct.453270*)* @proc_comm_connector to void (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %9) #69 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %40, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 47 %17 = load i32, i32* %16, align 16 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 48 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct.39605*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.453270*)*)(i8* %23, i64 16, %struct.task_struct.453270* %0) #69 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = 
getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %34 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %35 = bitcast i8* %34 to i32* store i32 %33, i32* %35, align 4 %36 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 %37 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %38 = bitcast i8* %37 to i32* store i32 %36, i32* %38, align 4 %39 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 4194304) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __se_sys_prctl 2 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_prctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_prctl %6 = alloca [46 x i64], align 16 %7 = alloca [16 x i8], align 16 %8 = trunc i64 %0 to i32 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 0 %11 = tail call i32 @security_task_prctl(i32 %8, i64 %1, i64 %2, i64 %3, i64 %4) #69 %12 = icmp eq i32 %11, -38 br i1 %12, label %15, label %13 switch i32 %8, label %452 [ i32 1, label %16 i32 2, label %21 i32 3, label %27 i32 4, label %33 i32 53, label %446 i32 52, label %439 i32 44, label %434 i32 43, label %429 i32 41, label %408 i32 42, label %396 i32 13, label %39 i32 14, label %40 i32 15, label %43 i32 16, label %49 i32 39, label %387 i32 38, label %378 i32 21, label %54 i32 22, label %56 i32 25, label %59 i32 26, label %62 i32 31, label %66 i32 32, label %69 i32 30, label %72 i32 29, label %75 i32 33, label %83 i32 34, label %103 i32 35, label %117 i32 37, label %368 i32 36, label %358 ] %44 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 15 store i8 0, i8* %44, align 1 %45 = inttoptr i64 %1 to i8* %46 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %45, i64 15) #69 %47 = icmp slt i64 %46, 0 br i1 %47, label %454, label %48 call void @__set_task_comm(%struct.task_struct.39605* %9, i8* nonnull %10, i1 zeroext false) #69 call void bitcast (void (%struct.task_struct.453270*)* @proc_comm_connector to void (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %9) #69 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %40, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, 
i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 47 %17 = load i32, i32* %16, align 16 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 48 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct.39605*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.453270*)*)(i8* %23, i64 16, %struct.task_struct.453270* %0) #69 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %34 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %35 = bitcast i8* %34 to i32* store i32 %33, i32* %35, align 4 %36 = call i32 asm sideeffect 
"movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 %37 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %38 = bitcast i8* %37 to i32* store i32 %36, i32* %38, align 4 %39 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 4194304) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_sid_connector 1 ksys_setsid 2 __x64_sys_setsid ------------- Path:  Function:__x64_sys_setsid %2 = tail call i32 @ksys_setsid() #69 Function:ksys_setsid %1 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 54 %3 = load %struct.task_struct.39605*, %struct.task_struct.39605** %2, align 16 %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %3, i64 0, i32 57 %5 = load %struct.pid.39326*, %struct.pid.39326** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.pid.45783*)* @pid_vnr to i32 (%struct.pid.39326*)*)(%struct.pid.39326* %5) #69 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %3, i64 0, i32 86 %8 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %7, align 64 %9 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %8, i64 0, i32 24 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %33 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.39605* (%struct.pid.39326*, i32)*)(%struct.pid.39326* %5, i32 2) #69 %14 = icmp eq %struct.task_struct.39605* %13, null br i1 %14, label %15, label %33 %34 = phi i32 [ -1, %0 ], [ -1, %12 
], [ %6, %32 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %35 = icmp sgt i32 %34, 0 br i1 %35, label %36, label %37 tail call void bitcast (void (%struct.task_struct.453270*)* @proc_sid_connector to void (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %3) #69 Function:proc_sid_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %38, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 128, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 47 %17 = load i32, i32* %16, align 16 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.453270, %struct.task_struct.453270* %0, i64 0, i32 48 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = bitcast i8* %7 to i64* %24 = load i64, i64* bitcast (%struct.util_est* 
@cn_proc_event_id to i64*), align 8 store i64 %24, i64* %23, align 4 %25 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %26 = bitcast i8* %25 to i32* store i32 0, i32* %26, align 8 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %28 = bitcast i8* %27 to i16* store i16 40, i16* %28, align 4 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %30 = bitcast i8* %29 to i16* store i16 0, i16* %30, align 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = tail call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %32 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %33 = bitcast i8* %32 to i32* store i32 %31, i32* %33, align 4 %34 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 4194304) #69 ------------- Good: 38 Bad: 3 Ignored: 47 Check Use of Function:swsusp_swap_in_use Check Use of Function:hibernation_snapshot Check Use of Function:free_all_swap_pages Check Use of Function:suspend_devices_and_enter Check Use of Function:lock_device_hotplug Check Use of Function:ring_buffer_unlock_commit Check Use of Function:snapshot_image_loaded Check Use of Function:snapshot_write_finalize Check Use of Function:hibernation_platform_enter Check Use of Function:ksys_sync Use: =BAD PATH= Call Stack: 0 __x64_sys_sync ------------- Path:  Function:__x64_sys_sync tail call void @ksys_sync() #69 ------------- Good: 3 Bad: 1 Ignored: 5 Check Use of Function:snapshot_get_image_size Check Use of Function:unlock_device_hotplug Use: =BAD PATH= Call Stack: 0 store_smt_control 
------------- Path:  Function:store_smt_control %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.70.4780, i64 0, i64 0)) #69 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.4732, i64 0, i64 0)) #69 br i1 %7, label %10, label %8 %9 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.72.4781, i64 0, i64 0)) #69 br i1 %9, label %10, label %33 %11 = phi i32 [ 0, %4 ], [ 1, %6 ], [ 2, %8 ] %12 = load i32, i32* @cpu_smt_control, align 4 switch i32 %12, label %14 [ i32 2, label %33 i32 3, label %13 ] %15 = tail call i32 @lock_device_hotplug_sysfs() #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = load i32, i32* @cpu_smt_control, align 4 %21 = icmp eq i32 %11, %20 br i1 %21, label %27, label %22 switch i32 %11, label %27 [ i32 0, label %23 i32 1, label %25 i32 2, label %25 ] tail call void @unlock_device_hotplug() #69 ------------- Use: =BAD PATH= Call Stack: 0 store_smt_control ------------- Path:  Function:store_smt_control %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.70.4780, i64 0, i64 0)) #69 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.4732, i64 0, i64 0)) #69 br i1 %7, label %10, label %8 %9 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.72.4781, i64 0, i64 0)) #69 br i1 %9, label %10, label %33 %11 = phi i32 [ 0, %4 ], [ 1, %6 ], [ 2, %8 ] %12 = load i32, i32* @cpu_smt_control, align 4 switch i32 %12, label %14 [ i32 2, label %33 i32 3, label %13 ] %15 = tail call i32 @lock_device_hotplug_sysfs() #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = load i32, i32* @cpu_smt_control, align 4 %21 = icmp eq i32 %11, %20 br i1 %21, label %27, label %22 switch i32 
%11, label %27 [ i32 0, label %23 i32 1, label %25 i32 2, label %25 ] %24 = tail call i32 @cpuhp_smt_enable() #70 br label %28 %29 = phi i32 [ %26, %25 ], [ %24, %23 ] tail call void @unlock_device_hotplug() #69 ------------- Good: 7 Bad: 2 Ignored: 0 Check Use of Function:dev_valid_name Check Use of Function:alloc_netdev_mqs Check Use of Function:free_netdev Check Use of Function:mddev_unlock Check Use of Function:group_pin_kill Check Use of Function:ida_alloc_range Use: =BAD PATH= Call Stack: 0 nfs4_get_state_owner 1 nfs4_do_open 2 nfs4_atomic_open ------------- Path:  Function:nfs4_atomic_open %6 = tail call fastcc %struct.nfs4_state.197134* @nfs4_do_open(%struct.inode.733* %0, %struct.nfs_open_context.197135* %1, i32 %2, %struct.iattr.726* %3, i32* %4) #69 Function:nfs4_do_open %6 = alloca %struct.nfs_access_entry, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = alloca %struct.nfs4_open_createattrs, align 8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %10 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %11 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.197100** %13 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %12, align 64 %14 = bitcast %struct.nfs4_exception* %7 to i8* %15 = bitcast %struct.nfs4_open_createattrs* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 0 store %struct.nfs4_label* null, %struct.nfs4_label** %16, align 8 %17 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 1 store %struct.iattr.726* %3, %struct.iattr.726** %17, align 8 %18 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 2, i64 0 %19 = load volatile i64, i64* @jiffies, align 64 %20 = trunc i64 %19 to i32 store i32 %20, i32* %18, align 8 %21 
= getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 2, i64 1 %22 = tail call %struct.task_struct.684* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.684** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.684**)) #10, !srcloc !4 %23 = getelementptr inbounds %struct.task_struct.684, %struct.task_struct.684* %22, i64 0, i32 47 %24 = load i32, i32* %23, align 16 store i32 %24, i32* %21, align 4 %25 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %1, i64 0, i32 2 %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %1, i64 0, i32 3 %27 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %1, i64 0, i32 5 %28 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %1, i64 0, i32 4 %29 = bitcast %struct.nfs_access_entry* %6 to i8* %30 = and i32 %2, 32 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %6, i64 0, i32 2 %33 = bitcast %struct.rpc_cred** %32 to i64* %34 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %6, i64 0, i32 3 %35 = icmp eq i32* %4, null %36 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 9 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 %38 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 0 br label %39 %40 = phi %struct.nfs4_label* [ %541, %535 ], [ null, %5 ] %41 = phi %struct.iattr.726* [ %540, %535 ], [ %3, %5 ] %42 = phi %struct.nfs_server.197100* [ %539, %535 ], [ %13, %5 ] %43 = load %struct.dentry.734*, %struct.dentry.734** %25, align 8 %44 = load %struct.rpc_cred*, %struct.rpc_cred** %26, align 8 %45 = load i32, i32* %27, align 8 %46 = and i32 %45, 35 
%47 = call %struct.nfs4_state_owner.197130* bitcast (%struct.nfs4_state_owner.198676* (%struct.nfs_server.198646*, %struct.rpc_cred*, i32)* @nfs4_get_state_owner to %struct.nfs4_state_owner.197130* (%struct.nfs_server.197100*, %struct.rpc_cred*, i32)*)(%struct.nfs_server.197100* %42, %struct.rpc_cred* %44, i32 6291648) #69 %50 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %42, i64 0, i32 0 %51 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %50, align 8 %52 = call i32 bitcast (i32 (%struct.nfs_client.198717*)* @nfs4_client_recover_expired_lease to i32 (%struct.nfs_client.197162*)*)(%struct.nfs_client.197162* %51) #69 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %463 %464 = phi i32 [ 0, %460 ], [ %52, %49 ], [ -12, %73 ], [ %462, %461 ] call void bitcast (void (%struct.nfs4_state_owner.198676*)* @nfs4_put_state_owner to void (%struct.nfs4_state_owner.197130*)*)(%struct.nfs4_state_owner.197130* nonnull %47) #69 br label %465 %466 = phi i32 [ -12, %39 ], [ %464, %463 ] %467 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %28, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_open_file to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_do_open, %468)) #6 to label %490 [label %468], !srcloc !13 switch i32 %466, label %525 [ i32 0, label %542 i32 -10026, label %491 i32 -10025, label %507 i32 -10011, label %510 i32 -11, label %514 i32 -22, label %517 ] %518 = load i32, i32* %36, align 4 %519 = and i32 %518, 131072 %520 = icmp eq i32 %519, 0 br i1 %520, label %525, label %521 %522 = and i32 %518, 
-131073 store i32 %522, i32* %36, align 4 %523 = load i8, i8* %37, align 8 %524 = or i8 %523, 8 store i8 %524, i8* %37, align 8 br label %530 %531 = phi i8 [ %506, %504 ], [ %509, %507 ], [ %513, %510 ], [ %516, %514 ], [ %524, %521 ], [ %529, %525 ] %532 = phi %struct.nfs4_state.197134* [ %467, %504 ], [ %467, %507 ], [ %467, %510 ], [ %467, %514 ], [ %467, %521 ], [ %528, %525 ] %533 = and i8 %531, 8 %534 = icmp eq i8 %533, 0 br i1 %534, label %542, label %535 %536 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %537 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %536, i64 0, i32 30 %538 = bitcast i8** %537 to %struct.nfs_server.197100** %539 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %538, align 64 %540 = load %struct.iattr.726*, %struct.iattr.726** %17, align 8 %541 = load %struct.nfs4_label*, %struct.nfs4_label** %16, align 8 br label %39 %40 = phi %struct.nfs4_label* [ %541, %535 ], [ null, %5 ] %41 = phi %struct.iattr.726* [ %540, %535 ], [ %3, %5 ] %42 = phi %struct.nfs_server.197100* [ %539, %535 ], [ %13, %5 ] %43 = load %struct.dentry.734*, %struct.dentry.734** %25, align 8 %44 = load %struct.rpc_cred*, %struct.rpc_cred** %26, align 8 %45 = load i32, i32* %27, align 8 %46 = and i32 %45, 35 %47 = call %struct.nfs4_state_owner.197130* bitcast (%struct.nfs4_state_owner.198676* (%struct.nfs_server.198646*, %struct.rpc_cred*, i32)* @nfs4_get_state_owner to %struct.nfs4_state_owner.197130* (%struct.nfs_server.197100*, %struct.rpc_cred*, i32)*)(%struct.nfs_server.197100* %42, %struct.rpc_cred* %44, i32 6291648) #69 Function:nfs4_get_state_owner %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %6 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %5, align 8 %7 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %6, i64 0, i32 21 %8 = getelementptr inbounds 
%struct.spinlock, %struct.spinlock* %7, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #69 %9 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 42, i32 0 %10 = load %struct.rb_node*, %struct.rb_node** %9, align 8 %11 = icmp eq %struct.rb_node* %10, null br i1 %11, label %47, label %12 %13 = phi %struct.rb_node* [ %45, %43 ], [ %10, %3 ] %14 = getelementptr %struct.rb_node, %struct.rb_node* %13, i64 -2, i32 2 %15 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %14, i64 7 %16 = bitcast %struct.rb_node** %15 to %struct.rpc_cred** %17 = load %struct.rpc_cred*, %struct.rpc_cred** %16, align 8 %18 = icmp ugt %struct.rpc_cred* %17, %1 br i1 %18, label %19, label %21 %22 = icmp ult %struct.rpc_cred* %17, %1 br i1 %22, label %23, label %25 %24 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %13, i64 0, i32 1 br label %43 %44 = phi %struct.rb_node** [ %20, %19 ], [ %24, %23 ] %45 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %12 %48 = phi %struct.nfs4_state_owner.198676* [ %26, %41 ], [ null, %3 ], [ null, %43 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %49 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %49, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %50 = icmp eq %struct.nfs4_state_owner.198676* %48, null br i1 %50, label %51, label %173 %52 = or i32 %2, 32768 %53 = and i32 %2, 1 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %58 %59 = tail call noalias align 8 i8* @__kmalloc(i64 328, i32 %52) #69 br label %60 %61 = phi i8* [ %59, %58 ], [ %57, %55 ] %62 = bitcast i8* %61 to %struct.nfs4_state_owner.198676* %63 = icmp eq i8* %61, null br i1 %63, label %173, label %64 %65 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 43 %66 = 
tail call i32 @ida_alloc_range(%struct.ida* %65, i32 0, i32 -1, i32 %2) #69 ------------- Good: 152 Bad: 1 Ignored: 247 Check Use of Function:umount_tree Use: =BAD PATH= Call Stack: 0 drop_collected_mounts 1 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.127974, %struct.ns_common.127974* %0, i64 -1, i32 2 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = getelementptr inbounds i32, i32* %2, i64 8 %8 = bitcast i32* %7 to %struct.mount.127946** %9 = load %struct.mount.127946*, %struct.mount.127946** %8, align 8 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %9, i64 0, i32 3 tail call void @drop_collected_mounts(%struct.vfsmount.128217* %10) #69 Function:drop_collected_mounts %2 = alloca %struct.hlist_head, align 8 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.128081*)*)(%struct.rw_semaphore.128081* nonnull @namespace_sem) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr %struct.vfsmount.128217, %struct.vfsmount.128217* %0, i64 -2, i32 2 %6 = bitcast i32* %5 to %struct.mount.127946* tail call fastcc void @umount_tree(%struct.mount.127946* %6, i32 0) #70 ------------- Good: 22 Bad: 
1 Ignored: 23 Check Use of Function:attach_recursive_mnt Check Use of Function:kern_path Check Use of Function:vfs_kern_mount Check Use of Function:mntput_no_expire Check Use of Function:is_empty_dir_inode Check Use of Function:drm_syncobj_free Check Use of Function:security_sid_to_context_force Check Use of Function:freeze_super Check Use of Function:thaw_super Check Use of Function:_fat_bmap Check Use of Function:tcp_set_congestion_control Check Use of Function:tcp_send_window_probe Check Use of Function:drm_file_free Check Use of Function:drm_legacy_dma_setup Check Use of Function:drm_gem_open Check Use of Function:drm_syncobj_release Check Use of Function:drm_prime_destroy_file_private Check Use of Function:drm_prime_init_file_private Check Use of Function:i915_driver_open Check Use of Function:sd_config_write_same Check Use of Function:memzero_explicit Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* 
%6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #69 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to 
%struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.226547* %63 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.202376*)* @key_put to void (%struct.key.226547*)*)(%struct.key.226547* %62) #69 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.226547* call void bitcast (void (%struct.key.202376*)* @key_put to void (%struct.key.226547*)*)(%struct.key.226547* %70) #69 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #69 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %13, label %4, !prof !4, !misexpect !5 tail call void @memzero_explicit(i8* %0, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = 
inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, 
i8* %51, i64 %3, i32 -1, i64 0) #69 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.226547* %63 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.202376*)* @key_put to void (%struct.key.226547*)*)(%struct.key.226547* %62) #69 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.226547* call void bitcast (void (%struct.key.202376*)* @key_put to void (%struct.key.226547*)*)(%struct.key.226547* %70) #69 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #69 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %13, label %4, !prof !4, !misexpect !5 tail call void @memzero_explicit(i8* %0, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 rt6_remove_exception_rt 6 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds 
%struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 
%24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word 
${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 
0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), 
align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 rt6_update_exception_stamp_rt 6 __ip6_rt_update_pmtu 7 ip6_rt_update_pmtu 
------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult 
i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 
%83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast 
%struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x 
i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * 
((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 ip_del_fnhe 6 __mkroute_output 7 ip_route_output_key_hash_rcu 8 ip_route_output_flow 9 ipip6_tunnel_bind_dev 10 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast 
i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds 
%struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 
224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], 
[ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 
br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi 
%struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, 
%struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca 
i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm 
sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 
1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 
%55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 ip_del_fnhe 6 __mkroute_output 7 ip_route_output_key_hash_rcu 8 ip_route_output_flow 9 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = 
icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, 
%struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A 
.long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = 
or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void 
(%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = 
icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 
0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, 
i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label 
%131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast 
(%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x 
i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label 
%31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, 
align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 
32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 
0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 __skb_get_hash 6 get_xps_queue 7 __netdev_pick_tx 8 netdev_pick_tx 9 __dev_queue_xmit 10 dev_queue_xmit 11 netlink_deliver_tap 12 netlink_sendskb 13 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = 
getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds 
%struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = 
getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label 
%11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* 
blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", 
"={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 
store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 __skb_get_hash 6 get_xps_queue 7 __netdev_pick_tx 8 netdev_pick_tx 9 __dev_queue_xmit 10 dev_queue_xmit 11 netlink_deliver_tap 12 netlink_sendskb 13 do_mq_notify 14 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call 
i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* 
%65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** 
%99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label 
%23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, 
!misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label 
%21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = 
inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 
%11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A 
.byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 
%57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call 
Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 __skb_get_hash 6 get_xps_queue 7 __netdev_pick_tx 8 netdev_pick_tx 9 __dev_queue_xmit 10 dev_queue_xmit 11 netlink_deliver_tap 12 netlink_sendskb 13 do_mq_notify 14 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi 
%struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load 
%struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq 
%struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* 
%97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl 
$3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 
(%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast 
%struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast 
%struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, 
i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store 
i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 
4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 __skb_get_hash 6 get_xps_queue 7 __netdev_pick_tx 8 netdev_pick_tx 9 __dev_queue_xmit 10 dev_queue_xmit 11 netlink_deliver_tap 12 netlink_sendskb 13 do_mq_notify 14 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label 
%15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label 
%105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = 
getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 
%90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* 
%18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 
11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds 
%struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, 
%6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, 
i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, 
align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 
call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, 
i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 __skb_get_hash 6 get_xps_queue 7 __netdev_pick_tx 8 netdev_pick_tx 9 __dev_queue_xmit 10 dev_queue_xmit 11 packet_sendmsg_spkt [Annotation, not tool output: the frames from dev_queue_xmit down to blake2s_final are the generic transmit path and the one-time flow-hash secret seeding that any sender reaches, so the frame that matters for triage is the entry point, packet_sendmsg_spkt. In mainline kernels packet sockets are gated by a CAP_NET_RAW check in packet_create at socket creation, which lies outside this call stack; confirm whether that check covers this path before treating the report as a missing capability check.] ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 
= getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, 
label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = 
getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = 
getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, 
%struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 
%25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, 
%163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, 
%struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 
] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* 
%4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x 
i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 
0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 
0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, 
%struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 generate_random_uuid 6 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x 
i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = 
alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call 
void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull 
%9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_bytes 5 generate_random_uuid 6 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) 
#69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* 
nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast 
%struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store 
i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_u64 5 copy_process 6 _do_fork 7 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 
= icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load 
%struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = 
load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds 
([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr 
inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void 
@_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = 
alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store 
i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_u64 5 copy_process 6 _do_fork 7 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 
= tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 
64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* 
%60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm 
"\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* 
%90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 
= icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, 
i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) 
#70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 
%52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, 
%struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_u64 5 copy_process 6 _do_fork 7 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 
%0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds 
%struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, 
label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 
= icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label 
%17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", 
"i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 
store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 
store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_u64 5 copy_process 6 _do_fork 7 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast 
%struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 
= bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), 
%struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store 
%struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp 
eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, 
i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast 
%struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store 
i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 _get_random_bytes 4 get_random_u64 5 copy_process 6 _do_fork 7 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = 
and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 
86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 
to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** 
getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 
= getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* 
call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 
Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 get_random_bytes_user 4 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 
br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ 
%43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 
0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 
1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 
4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 
store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 get_random_bytes_user 4 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or 
i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 
117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 blake2s_final 1 extract_entropy 2 crng_make_state 3 get_random_bytes_user 4 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* 
@urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp 
eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label 
%13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store 
i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 Function:blake2s_final %3 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 2, i64 0 store i32 -1, i32* %3, align 4 %4 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 0 %5 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 4 %6 = load i32, i32* %5, align 4 %7 = zext i32 %6 to i64 %8 = getelementptr %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 3, i64 %7 %9 = sub i32 64, %6 %10 = zext i32 %9 to i64 %11 = load i32, i32* %5, align 4 tail call void @blake2s_compress_generic(%struct.blake2s_state* %0, i8* %4, i64 1, i32 %11) #69 %12 = bitcast %struct.blake2s_state* %0 to i8* %13 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %0, i64 0, i32 5 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 tail call void @memzero_explicit(i8* %12, i64 120) #69 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_remove_exception_rt 5 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = 
getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = 
and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A 
.long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, 
i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_update_exception_stamp_rt 5 __ip6_rt_update_pmtu 6 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br 
label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, 
%struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp 
eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* 
@crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* 
blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 
6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 
0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 ipip6_tunnel_bind_dev 9 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 
4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 
store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq 
i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = 
icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = 
getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, 
%struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 
%136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr 
inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 
= getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) 
#70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca 
%struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 
0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* 
%98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi 
i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 
%165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = 
bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to 
i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ 
-2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, 
%struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = 
inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, 
i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, 
%28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to 
i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr 
%struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 
@netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to 
%struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 
= icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 
Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = 
bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = 
ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, 
%struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail 
call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word 
${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 
0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), 
align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds 
%struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = 
load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = 
call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr 
i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 
35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull 
%80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 
%37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] 
%181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, 
%struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail 
call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word 
${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 
0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), 
align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, 
%struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast 
i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 
Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds 
%struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 
%7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] 
%29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 
%31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 
[label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq 
%struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = 
icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** 
%43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* 
%38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = 
getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, 
%struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* 
%90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast 
(%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, 
i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = 
tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 
------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast 
(%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 
%148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = 
load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 
%214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) 
#69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = 
bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = 
ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, 
%struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail 
call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word 
${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 
0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), 
align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", 
"={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = 
icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, 
i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) 
#70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 
4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and 
i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, 
i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 
(%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, 
label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, 
align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 
117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 
%17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load 
i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void 
@_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 
%97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 
%167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 
x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = 
getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) 
#70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) 
#69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, 
!srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x 
%struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** 
store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 
= load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr 
inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br 
i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, 
i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* 
nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = 
trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast 
%struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq 
i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, 
%struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load 
volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output 
condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = 
tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x 
%struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* 
%3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 
], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast 
%struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, 
align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, 
label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 
2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 
0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, 
i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* 
getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x 
i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 
x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds 
%struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_remove_exception_rt 5 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds 
%struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, 
i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 
%7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - 
(2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_update_exception_stamp_rt 5 __ip6_rt_update_pmtu 6 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, 
null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* 
%39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, 
align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, 
i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 
tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", 
"i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 
store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 
store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 ipip6_tunnel_bind_dev 9 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = 
alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 
store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 
0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, 
label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, 
%struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) 
#69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, 
%struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) 
#69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* 
nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast 
%struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 
crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, 
i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* 
(%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 
%123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* 
%156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr 
%struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = 
and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load 
i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label 
%27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr 
inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, 
%struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 
= bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], 
align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void 
@blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 
mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 
%31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label 
%123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, 
!misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label 
%21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = 
inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 
%11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A 
.byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 
%57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, 
%struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, 
%struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load 
%struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 
5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br 
label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail 
call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 
= load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, 
label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, 
%struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq 
%struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, 
i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 
%13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section 
.altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, 
i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store 
i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi 
%struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void 
@_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call 
fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, 
i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi 
%struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load 
%struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 
%142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 
4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 
= phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq 
i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* 
@crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* 
blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 
6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 
0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 
-1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, 
null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* 
%79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 
= load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, 
i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = 
getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, 
%struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* 
%90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast 
(%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, 
i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = 
tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = 
bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 
crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* 
@dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 
= icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 
[ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 
%215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 
@__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, 
align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 
store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load 
%struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, 
i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* 
@__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 
%14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section 
.altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, 
i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* 
@jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* 
%12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 
call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void 
@crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = 
getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load 
i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, 
%20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, 
%struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** 
@task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = 
bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* 
nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* 
@crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* 
blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 
6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 
0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 
-1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr 
inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr 
%struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, 
i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 
%17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load 
i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void 
@_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 
%97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 
%167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 
x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = 
getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) 
#70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca 
%struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr 
inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* 
@cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, 
align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 
8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* 
%5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 
= tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = 
bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 
crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 
%1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 
%121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to 
i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp 
${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* 
%37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 
%58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 
%13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* 
@boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, 
align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, 
i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, 
i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, 
label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = 
sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 
%16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 
0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void 
@blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A 
.long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, 
i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_remove_exception_rt 5 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = 
icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* 
@boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, 
align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, 
i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, 
i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 rt6_update_exception_stamp_rt 5 __ip6_rt_update_pmtu 6 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, 
i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br 
i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void 
@rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* 
nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, 
i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, 
i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 
call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 ipip6_tunnel_bind_dev 9 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 
0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 
%36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 
240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ 
%47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 
%35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] 
%109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, 
%struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca 
i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm 
sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 
1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 
%55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 ip_del_fnhe 5 __mkroute_output 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, 
%struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = 
load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 
@__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* 
%135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 
%173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, 
i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, 
%struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* 
%34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, 
%struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 
= and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = 
phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* 
%147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 
%10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A 
.byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 
%57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, 
i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = 
getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq 
%struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, 
i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, 
%struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast 
%struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void 
asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, 
i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, 
i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, 
i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr 
inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 
46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, 
i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca 
%struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr 
inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, 
%struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 
%76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* 
callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, 
i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, 
i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, 
i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load 
%struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast 
%struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* 
%1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, 
align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load 
i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 
%146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, 
i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** 
%4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br 
i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 
@__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* 
@jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* 
%12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, 
%struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 
call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 do_mq_notify 13 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch 
i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 
%91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = 
icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, 
align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, 
label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = 
call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr 
%struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, 
label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = 
getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = 
getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, 
%struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 __netdev_pick_tx 7 netdev_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca 
%struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 
34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast 
i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 
0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds 
%struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = 
load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 
%27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, 
i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 
2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 
0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, 
i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* 
%49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 
16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void 
@extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast 
%struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- 
Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x 
i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * 
((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* 
@input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and 
i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds 
%struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, 
i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, 
%struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to 
%struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label 
%33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br 
label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* 
%53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr 
inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr 
%struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, 
i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = 
icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, 
%struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp 
eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 
0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 
16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x 
i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void 
@blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* 
%2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 
@_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", 
"=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, 
%struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, 
align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile 
i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 
%17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void 
@blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 _get_random_bytes 3 get_random_u64 4 copy_process 5 _do_fork 6 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr 
%struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr 
inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, 
i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp 
${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* 
%37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr 
inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 
%58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 
%22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, 
i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, 
i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast %struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = 
getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* 
getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* 
%49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 extract_entropy 1 crng_make_state 2 get_random_bytes_user 3 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 
%12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 Function:extract_entropy %2 = alloca %struct.blake2s_state, align 4 %3 = alloca %struct.blake2s_state, align 4 %4 = alloca [32 x i8], align 16 %5 = alloca [32 x i8], align 16 %6 = alloca %struct.anon.98.324364, align 8 %7 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %8 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %9 = bitcast %struct.anon.98.324364* %6 to i8* br label %10 %11 = phi 
i64 [ 0, %1 ], [ %29, %28 ] %12 = getelementptr %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 0, i64 %11 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 306, i32 117, i32 4, i8* getelementptr (i8, i8* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 38), i8* blockaddress(@extract_entropy, %14), i8* blockaddress(@extract_entropy, %20)) #6 to label %13 [label %14, label %20], !srcloc !4 br label %14 %15 = tail call { i8, i64 } asm sideeffect ".byte 0x48,0x0f,0xc7,0xf8\0A\09/* output condition code c*/\0A", "={@ccc},={ax},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = extractvalue { i8, i64 } %15, 0 %17 = extractvalue { i8, i64 } %15, 1 store i64 %17, i64* %12, align 8 %18 = and i8 %16, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %28 %29 = add nuw nsw i64 %11, 1 %30 = icmp eq i64 %29, 4 br i1 %30, label %31, label %10 %32 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0)) #70 call void @blake2s_final(%struct.blake2s_state* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0), i8* nonnull %7) #70 %33 = getelementptr inbounds %struct.anon.98.324364, %struct.anon.98.324364* %6, i64 0, i32 1 store i64 0, i64* %33, align 8 %34 = bitcast 
%struct.blake2s_state* %3 to i8* %35 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 0 store i32 1795737159, i32* %35, align 4 %36 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 1 store i32 -1150833019, i32* %36, align 4 %37 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 2 store i32 1013904242, i32* %37, align 4 %38 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 3 store i32 -1521486534, i32* %38, align 4 %39 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 4 store i32 1359893119, i32* %39, align 4 %40 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 5 store i32 -1694144372, i32* %40, align 4 %41 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 6 store i32 528734635, i32* %41, align 4 %42 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 0, i64 7 store i32 1541459225, i32* %42, align 4 %43 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 1 %44 = bitcast [2 x i32]* %43 to i8* %45 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 3, i64 0 %46 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 4 store i32 64, i32* %46, align 4 %47 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %3, i64 0, i32 5 store i32 32, i32* %47, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %3, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %3, i8* nonnull %8) #70 store i32 1795737159, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 0), align 4 store i32 -1150833019, i32* getelementptr inbounds 
(%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 1), align 4 store i32 1013904242, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 2), align 4 store i32 -1521486534, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 3), align 4 store i32 1359893119, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 4), align 4 store i32 -1694144372, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 5), align 4 store i32 528734635, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 6), align 4 store i32 1541459225, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 0, i64 7), align 4 store i32 64, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 4), align 4 store i32 32, i32* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 0, i32 5), align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.96.324361, %struct.anon.96.324361* @input_pool, i64 0, i32 1, i32 0, i32 0), i64 %32) #70 call void @memzero_explicit(i8* nonnull %8, i64 32) #70 %48 = bitcast %struct.blake2s_state* %2 to i8* %49 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 0 %50 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 1 %51 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 2 %52 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 3 %53 = getelementptr inbounds 
%struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 4 %54 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 5 %55 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 6 %56 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 0, i64 7 %57 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 1 %58 = bitcast [2 x i32]* %57 to i8* %59 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 3, i64 0 %60 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 4 %61 = getelementptr inbounds %struct.blake2s_state, %struct.blake2s_state* %2, i64 0, i32 5 %62 = load i64, i64* %33, align 8 %63 = add i64 %62, 1 store i64 %63, i64* %33, align 8 store i32 1795737159, i32* %49, align 4 store i32 -1150833019, i32* %50, align 4 store i32 1013904242, i32* %51, align 4 store i32 -1521486534, i32* %52, align 4 store i32 1359893119, i32* %53, align 4 store i32 -1694144372, i32* %54, align 4 store i32 528734635, i32* %55, align 4 store i32 1541459225, i32* %56, align 4 store i32 64, i32* %60, align 4 store i32 32, i32* %61, align 4 call void @blake2s_update(%struct.blake2s_state* nonnull %2, i8* nonnull %9, i64 40) #70 call void @blake2s_final(%struct.blake2s_state* nonnull %2, i8* %0) #70 call void @memzero_explicit(i8* nonnull %7, i64 32) #70 call void @memzero_explicit(i8* nonnull %9, i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 get_random_bytes_user 1 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and 
i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %45 ] 
call void @chacha20_block(i32* nonnull %10, i8* nonnull %5) #70 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, %struct.iov_iter* %0) #70 %29 = add i64 %28, %21 %30 = load i64, i64* %6, align 8 %31 = icmp eq i64 %30, 0 %32 = icmp ne i64 %28, 64 %33 = or i1 %32, %31 br i1 %33, label %46, label %34 %35 = and i64 %29, 4095 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %45 %38 = call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !6 %39 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %38, i64 0, i32 0, i32 0 %40 = load volatile i64, i64* %39, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %46 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 br label %47 %48 = phi i64 [ %19, %18 ], [ %29, %46 ] call void @memzero_explicit(i8* nonnull %4, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 get_random_bytes_user 1 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 
= or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %45 ] call void @chacha20_block(i32* nonnull %10, i8* nonnull %5) #70 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, 
%struct.iov_iter* %0) #70 %29 = add i64 %28, %21 %30 = load i64, i64* %6, align 8 %31 = icmp eq i64 %30, 0 %32 = icmp ne i64 %28, 64 %33 = or i1 %32, %31 br i1 %33, label %46, label %34 %35 = and i64 %29, 4095 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %45 %38 = call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !6 %39 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %38, i64 0, i32 0, i32 0 %40 = load volatile i64, i64* %39, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %46 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 br label %47 %48 = phi i64 [ %19, %18 ], [ %29, %46 ] call void @memzero_explicit(i8* nonnull %4, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 get_random_bytes_user 1 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, 
i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %45 ] call void @chacha20_block(i32* nonnull %10, i8* nonnull %5) #70 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, %struct.iov_iter* %0) #70 %29 = add i64 %28, %21 %30 = load i64, i64* %6, align 8 %31 = icmp eq i64 %30, 0 %32 = icmp ne i64 %28, 64 %33 = or i1 %32, %31 br i1 %33, label %46, label %34 %35 = and i64 %29, 4095 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %45 %38 = call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !6 %39 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %38, i64 0, i32 0, i32 0 %40 = load volatile i64, i64* %39, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %46 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 br label %47 %48 = phi i64 [ %19, %18 ], [ %29, %46 ] call void @memzero_explicit(i8* nonnull %4, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 
ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* 
%17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ 
null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds 
%struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, 
%struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, 
%struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = 
icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr 
%struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 
%11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq 
i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 
%14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, 
%60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to 
%struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store 
i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = 
sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 
0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, 
%struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection 
\22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* 
%205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, 
i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds 
%struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds 
%struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, 
-1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 
.long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { 
%struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 
1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 
%16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 
= load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, 
i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = 
getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, 
%struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* 
%90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast 
(%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = 
getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds 
%struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr 
%struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to 
[0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi 
i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 
%161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, 
label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 
to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull 
@__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to 
i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, 
i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, 
i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load 
volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, 
%struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = 
and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = 
load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, 
!misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void 
asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 
[ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr 
inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 
__dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 
%66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 
store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* 
%19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = 
load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 
= getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 
%33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br 
i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast 
%struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* 
%107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, 
label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, 
%struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr 
inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = 
getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, 
%struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label 
%234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 
%9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = 
getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to 
%struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 
2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x 
i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid 
------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = 
icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 
%13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label 
%29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = 
bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = 
icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, 
%struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = 
getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, 
label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, 
%struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x 
%struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, 
i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void 
@_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 
64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt 
i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = 
tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label 
%1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* 
@arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 
2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, 
i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 
0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, 
align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", 
"=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** 
store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult 
i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = 
alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = 
load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = 
alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 br label %20 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %22 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %22, align 4 %23 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %23, align 4 %24 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %24, align 4 %25 = getelementptr i32, i32* %0, i64 4 %26 = bitcast i32* %25 to i8* %27 = getelementptr i32, i32* %0, i64 12 %28 = bitcast i32* %27 to i8* call void @chacha20_block(i32* %0, i8* nonnull %21) #69 %29 = getelementptr inbounds [64 x i8], [64 x 
i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %21, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x 
i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = 
load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = 
getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, 
i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = 
load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* 
@rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 
[ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store 
%struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 
%23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast 
%struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 
%48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = 
getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 
br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, 
%struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, 
i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 
get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 
to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** 
%96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void 
(%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 
%158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 
2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* 
%211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 
%13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 
%190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, 
%struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, 
i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast 
%struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x 
i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 
= getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr 
inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 
%36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds 
%struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label 
%11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* 
blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* 
[ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, 
%struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, 
%47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, 
align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, 
i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, 
%struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull 
@xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 
8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call 
fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds 
%struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr 
%struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to 
[0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi 
i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 
%161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, 
label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 
to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull 
@__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 
%47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, 
label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr 
%struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 
%5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = 
getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* 
(%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, 
align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = 
getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, 
%struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq 
%struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds 
%struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = 
alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 
get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* 
(%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, 
label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ 
%184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr 
inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, 
%struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, 
i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 
= call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 
8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext 
i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void 
(%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* 
@crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void 
@memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = 
alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store 
volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 
16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 
Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, 
!srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x 
%struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** 
store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 
= load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr 
inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 
= tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", 
"=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, 
%struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, 
align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile 
i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call 
%struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = 
icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 
br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov 
%gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 
1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp 
eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc 
%struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to 
%struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, 
label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, 
align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, 
label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label 
%62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 
%36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load 
volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* 
%2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load 
i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void 
@memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 
%14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call 
void @memzero_explicit(i8* nonnull %52, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 
%13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = 
getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* 
getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 
x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = 
load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, 
label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) 
#70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 
br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt 
i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = 
getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* 
@ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 
%57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds 
%struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label 
%4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, 
i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, 
i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = 
getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = 
load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* 
%109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* 
%140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, 
%169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 
Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call 
%struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load 
%struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 
4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 
%117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, 
label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, 
i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 
__netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = 
getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 
0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, 
%struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = 
sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = 
load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 
0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, 
%struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 
%9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load 
i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br 
i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to 
i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load 
%struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast 
%struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* 
%1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, 
align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load 
i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 
%146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, 
i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** 
%4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br 
i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 
@__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* 
@jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = 
phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void 
@_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call 
fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, 
i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi 
%struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load 
%struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 
%142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 
4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 
= phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq 
i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* 
@crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, 
align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* 
%102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 
%26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label 
%61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 
@__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, 
align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 
store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load 
%struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, 
i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* 
@__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 
%14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call 
void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 
dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* 
%35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 
45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, 
i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 
= add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca 
%struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, 
label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, 
%struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq 
%struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds 
%struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = 
alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# 
__raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds 
[16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 
get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, 
!misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), 
align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull 
%74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 
%23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call 
%struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect 
"sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 
1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* 
%169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, 
!misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), 
align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull 
%74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* 
@copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 
%121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to 
i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 
------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 
%30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail 
call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, 
label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to 
i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = 
getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr 
inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 
0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, 
align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", 
"=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** 
store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult 
i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = 
icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, 
i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br 
i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void 
@recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, 
%gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to 
%struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, 
label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = 
add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 
store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, 
!misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = 
icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 
br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br 
label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, 
label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = 
load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 
%66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %73 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %74 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %75 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %75, align 4 %76 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %76, align 4 %77 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %77, align 4 %78 = getelementptr i32, i32* %0, i64 4 %79 = bitcast i32* %78 to i8* %80 = getelementptr i32, i32* %0, i64 12 %81 = bitcast i32* %80 to i8* call void @chacha20_block(i32* %0, i8* nonnull %74) #69 %82 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %74, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds 
%struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 
%24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br 
i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 
to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, 
align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof 
!4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 
1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD 
PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and 
i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, 
%struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* 
%34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, 
%struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 
= and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = 
phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* 
%147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 
%10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 
br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 
ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = 
getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 
%98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void 
(%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 
%158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 
2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* 
%211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 
%13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 
%190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, 
%struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, 
i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast 
%struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x 
i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, 
i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 
%18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, 
align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and 
i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load 
i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 
0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds 
%struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, 
%6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, 
i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 
0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, 
i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to 
%struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, 
%struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, 
null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* 
%0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 
8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, 
i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* 
[ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 
%77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br 
label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = 
bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, 
label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast 
(%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 
Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* 
%40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* 
@netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* 
%5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, 
label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 
Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label 
%16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* 
%4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 
0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, 
align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 
%25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add 
i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* 
nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 
3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, 
%176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds 
%struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label 
%115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  
Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = 
getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = 
icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 
%190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, 
align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca 
%struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr 
inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, 
%struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 
%76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* 
callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** 
%12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# 
__raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = 
getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 
%15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = 
bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* 
%5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = 
and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq 
%struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* 
%56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = 
icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 
asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* 
%4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = 
icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to 
i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, 
label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* 
@arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 
2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr 
inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* 
call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 
%25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 
0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* 
@kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load 
%struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr 
i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label 
%44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 
4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc 
i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast 
%struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq 
i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, 
%struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load 
volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 
to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load 
i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", 
"=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* 
@crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 %53 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %54 = load i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %55 = add i64 %54, 1 %56 = icmp eq i64 %55, -1 %57 = select i1 %56, i64 0, i64 %55 store volatile i64 %57, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %58 = load volatile i64, i64* @jiffies, align 64 store volatile i64 %58, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %59 = load i32, i32* @crng_init, align 4 %60 = icmp ugt i32 %59, 1 br i1 %60, label %62, label %61, !prof !8, !misexpect !9 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %53) #69 call void @memzero_explicit(i8* nonnull %52, i64 32) #69 br label %63 %64 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
nonnull %4) #6, !srcloc !10 %65 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %66 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.crng* nonnull @crngs) #6, !srcloc !12 %67 = inttoptr i64 %66 to %struct.crng* %68 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %71 = icmp eq i64 %69, %70 br i1 %71, label %84, label %72, !prof !8, !misexpect !5 %85 = getelementptr inbounds %struct.crng, %struct.crng* %67, i64 0, i32 0, i64 0 %86 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 0 store i32 1634760805, i32* %0, align 4 %87 = getelementptr i32, i32* %0, i64 1 store i32 857760878, i32* %87, align 4 %88 = getelementptr i32, i32* %0, i64 2 store i32 2036477234, i32* %88, align 4 %89 = getelementptr i32, i32* %0, i64 3 store i32 1797285236, i32* %89, align 4 %90 = getelementptr i32, i32* %0, i64 4 %91 = bitcast i32* %90 to i8* %92 = getelementptr i32, i32* %0, i64 12 %93 = bitcast i32* %92 to i8* call void @chacha20_block(i32* %0, i8* nonnull %86) #69 %94 = getelementptr inbounds [64 x i8], [64 x i8]* %6, i64 0, i64 32 call void @memzero_explicit(i8* nonnull %86, i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 rt6_remove_exception_rt 3 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 
= icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi 
i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 rt6_update_exception_stamp_rt 3 __ip6_rt_update_pmtu 4 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, 
%struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 
%76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 
= icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x 
i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 ip_del_fnhe 3 __mkroute_output 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 ipip6_tunnel_bind_dev 7 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 
Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, 
-1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 
%23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, 
i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call 
i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* 
@fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 ip_del_fnhe 3 __mkroute_output 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = 
getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 
%62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = 
icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = 
inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, 
%169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, 
i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, 
i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds 
%struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr 
%struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, 
%151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 
------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr 
inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, 
%struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, 
null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, 
i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 
to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void 
@crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi 
%struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void 
@_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call 
fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, 
i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi 
%struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load 
%struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 
%142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 
4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 
= phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq 
i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca 
%struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load 
%struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** 
%101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, 
label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, 
!srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 
4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, 
i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 
0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, 
%struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq 
%struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, 
i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] 
%20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch 
i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 
%91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = 
icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, 
align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, 
label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = 
call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr 
%struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, 
label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 
0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp 
ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* 
%174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, 
align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 
(%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 
1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ 
%177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 
(%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 
] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* 
%4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 generate_random_uuid 3 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, 
label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 generate_random_uuid 3 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, 
%struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = 
or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, 
%struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label 
%127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __x64_sys_clone ------------- Path:  
Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 
= and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, 
i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 
(%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, 
label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, 
align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 
__x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov 
%gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, 
%struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds 
%struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 
%18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 
%37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void 
@_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 
%97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 
%167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 
x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 
8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = 
load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* 
%59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr 
inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = 
getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* 
call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* nonnull %6) #70 call void @memzero_explicit(i8* nonnull %6, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 rt6_remove_exception_rt 3 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 
%17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect 
"1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, 
-64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 rt6_update_exception_stamp_rt 3 __ip6_rt_update_pmtu 4 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load 
%struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds 
%struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 
%10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br 
i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 ip_del_fnhe 3 __mkroute_output 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 ipip6_tunnel_bind_dev 7 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, 
%struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 
%27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast 
%struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load 
%struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), 
i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 ip_del_fnhe 3 __mkroute_output 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 sit_tunnel_xmit ------------- Path:  
Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, 
%struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) 
#69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 
br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 
%164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, 
%struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* 
%212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq 
i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 
[ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label 
%31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 
%79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = 
phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, 
%struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* 
@netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 
3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, 
i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, 
i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* 
%143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, 
%struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, 
i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { 
%struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 
__netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null 
br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* 
%79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = 
getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 
%90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* 
%18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 
11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds 
%struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, 
%6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, 
i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* 
%10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, 
!misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 
%4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = 
bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone 
to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 
= alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label 
%139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, 
%struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq 
%struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds 
%struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = 
alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 
%27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 do_mq_notify 11 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 
switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 
br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* 
%15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, 
align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, 
label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = 
call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr 
%struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, 
label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 __skb_get_hash 3 get_xps_queue 4 __netdev_pick_tx 5 netdev_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 
16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, 
%struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* 
%167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 
26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = 
getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 
store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 
%164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, 
${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 
call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 generate_random_uuid 3 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, 
%struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, 
align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_bytes 2 generate_random_uuid 3 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, 
i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 
= getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x 
%struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 
= bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, 
%struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp 
eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = 
getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* 
@kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load 
%struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr 
i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 
get_random_u64 2 copy_process 3 _do_fork 4 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call 
%struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* 
asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, 
%struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds 
%struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork 
%7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = 
getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* 
@cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, 
align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 
8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 64) #70 ------------- Use: =BAD PATH= Call Stack: 0 _get_random_bytes 1 get_random_u64 2 copy_process 3 _do_fork 4 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq 
i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds 
%struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, 
%struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* 
%90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 %12 = sub i64 %1, %10 %13 = icmp eq i64 %12, 0 br i1 %13, label %33, label %14 %15 = getelementptr i8, i8* %0, i64 %10 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 13 br label %18 %19 = phi i8* [ %15, %14 ], [ %31, %29 ] %20 = phi i64 [ %12, %14 ], [ %30, %29 ] %21 = icmp ult i64 %20, 64 br i1 %21, label %22, label %23 call void @chacha20_block(i32* nonnull %11, i8* %19) #70 %24 = load i32, i32* %16, align 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %27 = load i32, i32* %17, align 4 %28 = add i32 %27, 1 store i32 %28, i32* %17, align 4 br label %29 %30 = add i64 %20, -64 %31 = getelementptr i8, i8* %19, i64 64 %32 = icmp eq i64 %30, 0 br i1 %32, label %33, label %18 call void @memzero_explicit(i8* nonnull %5, i64 
64) #70 ------------- Good: 4879 Bad: 189 Ignored: 8649 Check Use of Function:serial8250_verify_port Check Use of Function:uart_shutdown Check Use of Function:ipip6_dellink Check Use of Function:serial8250_release_port Check Use of Function:vt_do_kbkeycode_ioctl Check Use of Function:__tty_hangup Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label 
%49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, 
!srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq %struct.tty_struct.316116* %15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_vhangup_session to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 
Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.230612* %0, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 
i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, 
%struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq %struct.tty_struct.316116* %15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_vhangup_session to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.230612* %0, i32 1) #69 ------------- Good: 4 Bad: 2 Ignored: 15 Check 
Use of Function:xs_udp_write_space Check Use of Function:unix_write_space Check Use of Function:xprt_wake_pending_tasks Check Use of Function:vfs_rename Check Use of Function:lookup_mnt Check Use of Function:mqueue_create Check Use of Function:filp_open Check Use of Function:uart_set_ldisc Check Use of Function:security_context_to_sid_force Check Use of Function:link_path_walk Check Use of Function:proc_net_d_revalidate Check Use of Function:compat_table_info Check Use of Function:serial8250_config_port Check Use of Function:walk_page_range Use: =BAD PATH= Call Stack: 0 kernel_mbind 1 __ia32_compat_sys_mbind ------------- Path:  Function:__ia32_compat_sys_mbind %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = bitcast %struct.cpumask* %2 to i8* %21 = add i64 %16, 4294967295 %22 = and i64 %21, 4294967295 %23 = icmp ult i64 %22, 64 %24 = select i1 %23, i64 %22, i64 64 %25 = add nuw nsw i64 %24, 63 %26 = lshr i64 %25, 3 %27 = and i64 %26, 24 %28 = icmp eq i64 %14, 0 br i1 %28, label %39, label %29 %30 = inttoptr i64 %14 to i32* %31 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %32 = call i64 @compat_get_bitmap(i64* nonnull %31, 
i32* nonnull %30, i64 %24) #69 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %43 %35 = call i8* @compat_alloc_user_space(i64 %27) #69 %36 = bitcast i8* %35 to i64* %37 = call i64 @_copy_to_user(i8* %35, i8* nonnull %20, i64 %27) #69 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %43 %40 = phi i64* [ %36, %34 ], [ null, %1 ] %41 = add nuw nsw i64 %24, 1 %42 = call fastcc i64 @kernel_mbind(i64 %5, i64 %8, i64 %11, i64* %40, i64 %41, i32 %19) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, label %336 
%38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 %70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* %82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 %104 = and i64 
%103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, %struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, 
%struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_mbind 1 __ia32_sys_mbind ------------- Path:  Function:__ia32_sys_mbind %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = inttoptr i64 %13 to i64* %20 = trunc i64 %18 to i32 %21 = tail call fastcc i64 @kernel_mbind(i64 %4, i64 %7, i64 %10, i64* %19, i64 %16, i32 %20) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, label %336 %38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 %70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* %82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) 
br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 %104 = and i64 %103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, %struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, 
%struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds 
%struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_mbind 1 __x64_sys_mbind ------------- Path:  Function:__x64_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = bitcast i64* %8 to i64** %10 = load i64*, i64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %14 to i32 %16 = tail call fastcc i64 @kernel_mbind(i64 %3, i64 %5, i64 %7, i64* %10, i64 %12, i32 %15) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 
%28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, label %336 %38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 %70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* 
%82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 %104 = and i64 %103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, %struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds 
%struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca %struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 
%14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 %17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* 
%44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds 
%struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, label %124 i32 8, label %206 i32 4, label %206 ] %125 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %126 = load %struct.file.115359*, %struct.file.115359** %125, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %7, align 8 %127 = icmp eq %struct.file.115359* %126, null br i1 %127, label %128, label %133 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %65, align 8 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)* @swapin_walk_pmd_entry, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %66, align 8 %129 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 6 %130 = bitcast %struct.mm_struct.115604** %129 to i64* %131 = load i64, i64* %130, align 8 store i64 %131, i64* %70, align 8 store %struct.vm_area_struct.115591* null, %struct.vm_area_struct.115591** %71, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %73, align 8 %132 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.115686*)*)(i64 %85, i64 %89, %struct.mm_walk.115686* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __x64_sys_madvise ------------- Path:  
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca %struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 %17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, 
%struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* %44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, 
%struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, label %124 i32 8, label %206 i32 4, label %206 ] %125 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %126 = load %struct.file.115359*, %struct.file.115359** %125, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %7, align 8 %127 = 
icmp eq %struct.file.115359* %126, null br i1 %127, label %128, label %133 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %65, align 8 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)* @swapin_walk_pmd_entry, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %66, align 8 %129 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 6 %130 = bitcast %struct.mm_struct.115604** %129 to i64* %131 = load i64, i64* %130, align 8 store i64 %131, i64* %70, align 8 store %struct.vm_area_struct.115591* null, %struct.vm_area_struct.115591** %71, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %73, align 8 %132 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.115686*)*)(i64 %85, i64 %89, %struct.mm_walk.115686* nonnull %6) #69 ------------- Good: 7 Bad: 5 Ignored: 3 Check Use of Function:xt_find_revision Check Use of Function:errseq_sample Check Use of Function:ext4_force_commit Check Use of Function:proc_lookup Check Use of Function:proc_attr_dir_lookup Check Use of Function:unlazy_walk Check Use of Function:d_alloc_parallel Use: =BAD PATH= Call Stack: 0 nfs_complete_unlink 1 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 0 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, -4096 %6 = icmp eq i16 %5, 16384 br i1 %6, label %7, label %12 %8 = getelementptr %struct.inode.733, %struct.inode.733* %1, i64 -1, i32 16 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 9, i32 1 %10 = load i64, i64* %9, align 8 %11 = or i64 %10, 2 store i64 %11, i64* %9, align 8 br label %12 %13 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 4096 %16 = icmp eq 
i32 %15, 0 br i1 %16, label %32, label %17 tail call void bitcast (void (%struct.dentry.185839*, %struct.inode.185836*)* @nfs_complete_unlink to void (%struct.dentry.734*, %struct.inode.733*)*)(%struct.dentry.734* %0, %struct.inode.733* %1) #69 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.185874, align 8 %4 = alloca %struct.rpc_task_setup.185918, align 8 %5 = getelementptr inbounds %struct.dentry.185839, %struct.dentry.185839* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #69 %7 = getelementptr inbounds %struct.dentry.185839, %struct.dentry.185839* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.185839, %struct.dentry.185839* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.185902** %12 = load %struct.nfs_unlinkdata.185902*, %struct.nfs_unlinkdata.185902** %11, align 8 store i8* null, i8** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = bitcast %struct.anon.1* %5 to i8* store volatile i8 0, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %14 = getelementptr %struct.inode.185836, %struct.inode.185836* %1, i64 -1, i32 16 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %14, i64 9, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 2 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %118 %20 = getelementptr inbounds %struct.dentry.185839, %struct.dentry.185839* %0, i64 0, i32 3 %21 = load %struct.dentry.185839*, %struct.dentry.185839** %20, align 8 %22 = getelementptr inbounds %struct.dentry.185839, %struct.dentry.185839* %21, i64 0, i32 5 %23 = load %struct.inode.185836*, %struct.inode.185836** %22, align 8 %24 = getelementptr %struct.inode.185836, %struct.inode.185836* %23, i64 -1, i32 16 %25 
= getelementptr inbounds %struct.anon.48, %struct.anon.48* %24, i64 19 %26 = bitcast %struct.anon.48* %25 to %struct.rw_semaphore.185734* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.185734*)*)(%struct.rw_semaphore.185734* %26) #69 %27 = load %struct.dentry.185839*, %struct.dentry.185839** %20, align 8 %28 = getelementptr inbounds %struct.nfs_unlinkdata.185902, %struct.nfs_unlinkdata.185902* %12, i64 0, i32 0, i32 2 %29 = getelementptr inbounds %struct.nfs_unlinkdata.185902, %struct.nfs_unlinkdata.185902* %12, i64 0, i32 3 %30 = tail call %struct.dentry.185839* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.185839* (%struct.dentry.185839*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.185839* %27, %struct.qstr* %28, %struct.wait_queue_head* %29) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.726, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.726* %7 to i8* %15 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr 
inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = icmp eq %struct.inode.733* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %38 = load %struct.super_block.720*, %struct.super_block.720** %37, align 8 %39 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %38, i64 0, i32 30 %40 = bitcast i8** %39 to %struct.nfs_server.178497** %41 = load %struct.nfs_server.178497*, %struct.nfs_server.178497** %40, align 64 %42 = getelementptr inbounds %struct.nfs_server.178497, %struct.nfs_server.178497* %41, i64 0, i32 22 %43 = load i32, i32* %42, align 8 %44 = icmp ugt i32 %36, %43 br i1 %44, label %306, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %64 = and i32 %3, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 br i1 %47, label %71, label %91 %72 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 0 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 268435456 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %91 call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %1) #69 %77 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 3 %78 = load %struct.dentry.734*, %struct.dentry.734** %77, align 8 %79 = call %struct.dentry.734* bitcast (%struct.dentry.126033* 
(%struct.dentry.126033*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.734* %78, %struct.qstr* %33, %struct.wait_queue_head* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %6 = load %struct.inode.146664*, %struct.inode.146664** %5, align 8 %7 = getelementptr %struct.inode.146664, %struct.inode.146664* %6, i64 -1, i32 40, i32 12, i32 1 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 4 %9 = bitcast %struct.list_head** %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt 
%struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry.146668*, %struct.dentry.146668** %32, align 8 %34 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %33, i64 0, i32 5 %35 = load %struct.inode.146664*, %struct.inode.146664** %34, align 8 %36 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.19.16432, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #69 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry.146668*, %struct.dentry.146668** %44, align 8 %46 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %45, i64 0, i32 3 %49 = load %struct.dentry.146668*, %struct.dentry.146668** 
%48, align 8 %50 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %49, i64 0, i32 5 %51 = load %struct.inode.146664*, %struct.inode.146664** %50, align 8 %52 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.20.16433, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #69 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #69 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, 
%71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file.146593* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #69 Function:proc_sys_fill_cache %5 = alloca 
%struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry.146668*, %struct.dentry.146668** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #69 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry.146668* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #70 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry.146668* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_lookup to %struct.dentry.146668* (%struct.dentry.146668*, %struct.qstr*)*)(%struct.dentry.146668* %8, %struct.qstr* nonnull %5) #71 %23 = icmp eq %struct.dentry.146668* %22, null br i1 %23, label %24, label %67 %25 = bitcast %struct.wait_queue_head* %6 to i8* %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store %struct.list_head* %27, %struct.list_head** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %27, %struct.list_head** %29, align 8 %30 = call %struct.dentry.146668* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*, 
%struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.146668* (%struct.dentry.146668*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.146668* %8, %struct.qstr* nonnull %5, %struct.wait_queue_head* nonnull %6) #71 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tid_base_readdir ------------- Path:  Function:proc_tid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.147308* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, 
%struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, 
{ i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, 
%struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } } }>* @tid_base_stuff, i64 0, i32 0), i32 38) #69 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 2 %6 = load %struct.inode.147380*, %struct.inode.147380** %5, align 8 %7 = getelementptr %struct.inode.147380, %struct.inode.147380* %6, i64 -1, i32 40, i32 12, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pid.147089** %9 = load %struct.pid.147089*, %struct.pid.147089** %8, align 8 %10 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.147271* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.147308* %0, %struct.dir_context* %1) #70 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr 
%struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.147308* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.147384* (%struct.dentry.147384*, %struct.task_struct.147271*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.147271* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.147384*, %struct.dentry.147384** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.147384* (%struct.dentry.147384*, %struct.qstr*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.147384* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, 
i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.147384* (%struct.dentry.147384*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_attr_dir_readdir ------------- Path:  Function:proc_attr_dir_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.147308* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds ([6 x %struct.pid_entry], [6 x %struct.pid_entry]* @attr_dir_stuff, i64 0, i64 0), i32 6) #69 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 2 %6 = load %struct.inode.147380*, %struct.inode.147380** %5, align 8 %7 = getelementptr %struct.inode.147380, %struct.inode.147380* %6, i64 -1, i32 40, i32 12, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pid.147089** %9 = load %struct.pid.147089*, %struct.pid.147089** %8, align 8 %10 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.147271* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.147308* %0, %struct.dir_context* %1) #70 br i1 
%13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.147308* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.147384* (%struct.dentry.147384*, %struct.task_struct.147271*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.147271* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.147384*, %struct.dentry.147384** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.147384* (%struct.dentry.147384*, 
%struct.qstr*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.147384* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.147384* (%struct.dentry.147384*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tgid_base_readdir ------------- Path:  Function:proc_tgid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.147308* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, 
i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, 
%struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 
(%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.147374*, %struct.file_operations.147305*, { i32 (%struct.seq_file.147054*, %struct.pid_namespace.147087*, %struct.pid.147089*, %struct.task_struct.147271*)* } }, %struct.pid_entry }>* @tgid_base_stuff, i64 0, i32 0), i32 43) #69 Function:proc_pident_readdir 
%5 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 2 %6 = load %struct.inode.147380*, %struct.inode.147380** %5, align 8 %7 = getelementptr %struct.inode.147380, %struct.inode.147380* %6, i64 -1, i32 40, i32 12, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pid.147089** %9 = load %struct.pid.147089*, %struct.pid.147089** %8, align 8 %10 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.147271* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.147308* %0, %struct.dir_context* %1) #70 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.147308* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.147384* (%struct.dentry.147384*, %struct.task_struct.147271*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.147271* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca 
%struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.147384*, %struct.dentry.147384** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.147384* (%struct.dentry.147384*, %struct.qstr*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.147384* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.147384* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.147384* (%struct.dentry.147384*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.147384* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Good: 11 Bad: 6 Ignored: 13 Check Use of Function:dev_change_flags Check Use of Function:free_cgroup_ns 
Use: =BAD PATH= Call Stack: 0 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void 
@_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* %32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection 
.discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to %struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast %struct.list_head* %85 to i8** %87 = load i8*, i8** %86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 = getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void 
@cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label %90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, %struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label %126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 
%131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* [ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 
%170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* %170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 
0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 
(%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* %32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", 
"i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to %struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast %struct.list_head* %85 to i8** %87 = load i8*, i8** %86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 
= getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void @cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label %90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, %struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, 
%struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label 
%126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 %131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* [ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 
3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 %170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* %170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* 
output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.82208, %struct.ns_common.82208* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.82422* %4 = icmp eq i32* %2, null br i1 %4, label %10, label %5 %6 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32* nonnull %2) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %10, label %9 tail call void @free_cgroup_ns(%struct.cgroup_namespace.82422* nonnull %3) #69 ------------- Good: 9 Bad: 3 Ignored: 6 Check Use of Function:terminate_walk Check Use of Function:xt_compat_target_from_user Check Use of Function:proc_tgid_base_lookup Check Use of Function:do_smart_update Check Use of Function:path_init Check Use of Function:kernfs_iop_rmdir Check Use of Function:mmc_ioctl_cdrom_last_written Check Use of Function:autofs_lookup Check Use of Function:ext4_xattr_security_get Check Use of Function:security_inode_create Check Use of Function:get_fs_type Check Use of Function:rtc_cmos_read Use: =BAD 
PATH= Call Stack: 0 nvram_read ------------- Path:  Function:nvram_read %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %8 %9 = phi i32 [ 2, %4 ], [ %16, %8 ] %10 = phi i32 [ 0, %4 ], [ %17, %8 ] %11 = trunc i32 %9 to i8 %12 = add i8 %11, 14 %13 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %12) #69 %14 = zext i8 %13 to i32 %15 = add nuw nsw i32 %10, %14 %16 = add nuw nsw i32 %9, 1 %17 = and i32 %15, 65535 %18 = icmp eq i32 %16, 32 br i1 %18, label %19, label %8 %20 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %21 = zext i8 %20 to i32 %22 = shl nuw nsw i32 %21, 8 %23 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 %24 = zext i8 %23 to i32 %25 = or i32 %22, %24 %26 = icmp eq i32 %17, %25 br i1 %26, label %27, label %55 %28 = trunc i64 %7 to i32 %29 = icmp ne i64 %2, 0 %30 = icmp ult i32 %28, 114 %31 = and i1 %29, %30 br i1 %31, label %32, label %45 %33 = phi i8* [ %41, %32 ], [ %6, %27 ] %34 = phi i32 [ %40, %32 ], [ %28, %27 ] %35 = phi i64 [ %36, %32 ], [ %2, %27 ] %36 = add i64 %35, -1 %37 = trunc i32 %34 to i8 %38 = add nuw nsw i8 %37, 14 %39 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %38) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_read ------------- Path:  Function:nvram_read %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %8 %9 = phi i32 [ 2, %4 ], [ %16, %8 ] %10 = phi i32 [ 0, %4 ], [ %17, %8 ] %11 = trunc i32 %9 to i8 %12 = add i8 %11, 14 %13 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %12) #69 %14 = zext i8 %13 to i32 %15 
= add nuw nsw i32 %10, %14 %16 = add nuw nsw i32 %9, 1 %17 = and i32 %15, 65535 %18 = icmp eq i32 %16, 32 br i1 %18, label %19, label %8 %20 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %21 = zext i8 %20 to i32 %22 = shl nuw nsw i32 %21, 8 %23 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_read ------------- Path:  Function:nvram_read %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %8 %9 = phi i32 [ 2, %4 ], [ %16, %8 ] %10 = phi i32 [ 0, %4 ], [ %17, %8 ] %11 = trunc i32 %9 to i8 %12 = add i8 %11, 14 %13 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %12) #69 %14 = zext i8 %13 to i32 %15 = add nuw nsw i32 %10, %14 %16 = add nuw nsw i32 %9, 1 %17 = and i32 %15, 65535 %18 = icmp eq i32 %16, 32 br i1 %18, label %19, label %8 %20 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_read ------------- Path:  Function:nvram_read %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %8 %9 = phi i32 [ 2, %4 ], [ %16, %8 ] %10 = phi i32 [ 0, %4 ], [ %17, %8 ] %11 = trunc i32 %9 to i8 %12 = add i8 %11, 14 %13 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %12) #69 %9 = phi i32 [ 2, %4 ], [ %16, %8 ] %10 = phi i32 [ 0, %4 ], [ %17, %8 ] %11 = trunc i32 %9 to i8 %12 = add i8 %11, 14 %13 = tail call zeroext i8 @rtc_cmos_read(i8 zeroext %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], 
align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %31 = zext i8 %30 to i32 %32 = shl nuw nsw i32 %31, 8 %33 = call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 %34 = zext i8 %33 to i32 %35 = or i32 %32, %34 %36 = icmp eq i32 %27, %35 br i1 %36, label %37, label %72 %38 = icmp eq i64 %14, 0 br i1 %38, label %39, label %42 %43 = phi i8* [ %51, %42 ], [ %6, %37 ] %44 = phi i32 [ %50, %42 ], [ %8, %37 ] %45 = phi i64 [ %46, %42 ], [ %14, %37 ] %46 = add nsw i64 %45, -1 %47 = load i8, i8* %43, align 1 %48 = trunc i32 %44 to i8 %49 = add i8 %48, 14 call void @rtc_cmos_write(i8 zeroext %47, i8 zeroext %49) #69 %50 = add i32 %44, 1 %51 = getelementptr i8, i8* %43, i64 1 %52 = icmp eq i64 %46, 0 br i1 %52, label %39, label %42 %40 = phi i32 [ %8, %37 ], [ %50, %42 ] %41 = phi i8* [ %6, %37 ], [ %51, %42 ] br label %53 %54 = phi i32 [ %62, %53 ], [ 0, %39 ] %55 = phi i32 [ %61, %53 ], [ 2, %39 ] %56 = trunc i32 %55 to i8 %57 = add i8 %56, 14 %58 = call zeroext i8 @rtc_cmos_read(i8 zeroext %57) #69 ------------- Use: =BAD PATH= Call Stack: 0 
nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %31 = zext i8 %30 to i32 %32 = shl nuw nsw i32 %31, 8 %33 = call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc 
i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 ------------- Good: 27 Bad: 8 Ignored: 464 Check Use of Function:map_files_d_revalidate Check Use of Function:filename_create Check Use of Function:serial8250_get_mctrl Check Use of Function:step_into Check Use of Function:security_sb_remount Check Use of Function:kernel_kexec Check Use of Function:kzalloc.31533 Check Use of Function:trailing_symlink Check Use of Function:ext4_create Check Use of Function:translate_table Check Use of Function:user_shm_lock Check Use of Function:kernfs_dop_revalidate Check Use of Function:blk_queue_flag_set Check Use of Function:proc_task_lookup Check Use of 
Function:nfs_lookup_revalidate Check Use of Function:nfs4_lookup_revalidate Check Use of Function:dm_blk_ioctl Check Use of Function:vfat_revalidate_ci Check Use of Function:mmc_ioctl_cdrom_play_blk Check Use of Function:clone_mnt Check Use of Function:xt_compat_target_to_user Check Use of Function:hugetlbfs_read_iter Check Use of Function:rtnl_create_link Check Use of Function:truncate_inode_pages Check Use of Function:read_iter_null Check Use of Function:ip4_datagram_release_cb Check Use of Function:d_lookup Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %6 = load %struct.inode.146664*, %struct.inode.146664** %5, align 8 %7 = getelementptr %struct.inode.146664, %struct.inode.146664* %6, i64 -1, i32 40, i32 12, i32 1 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 4 %9 = bitcast %struct.list_head** %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry.146668*, %struct.dentry.146668** %32, align 8 %34 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %33, i64 0, i32 5 %35 = load %struct.inode.146664*, %struct.inode.146664** %34, align 8 %36 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.19.16432, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #69 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry.146668*, %struct.dentry.146668** %44, align 8 %46 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %45, i64 0, i32 7, i32 0 %47 = bitcast 
%struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %45, i64 0, i32 3 %49 = load %struct.dentry.146668*, %struct.dentry.146668** %48, align 8 %50 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %49, i64 0, i32 5 %51 = load %struct.inode.146664*, %struct.inode.146664** %50, align 8 %52 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.20.16433, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #69 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq 
%struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #69 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 
%109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file.146593* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #69 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry.146668*, %struct.dentry.146668** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #69 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry.146668* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #70 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry.146668* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_lookup to %struct.dentry.146668* (%struct.dentry.146668*, %struct.qstr*)*)(%struct.dentry.146668* %8, %struct.qstr* nonnull %5) #71 ------------- Good: 15 Bad: 1 Ignored: 0 Check Use of Function:fd_install Check Use of Function:__lookup_slow Check Use of Function:security_sem_associate Use: =BAD PATH= Call Stack: 0 ksys_semget 1 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, 
align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %35 = tail call i64 @ksys_semget(i32 %19, i32 %20, i32 %21) #69 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %6, i64 0, i32 85 %8 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace*, %struct.ipc_namespace** %9, align 8 %11 = icmp slt i32 %1, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 2, i64 0 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, %1 br i1 %15, label %24, label %16 %17 = getelementptr inbounds 
%struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %20 = bitcast %struct.anon.1* %19 to i32* store i32 %1, i32* %20, align 8 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 1, i64 0 %22 = call i32 @ipcget(%struct.ipc_namespace* %10, %struct.ipc_ids* %21, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 
%22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds 
%struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:filename_parentat Check Use of Function:task_set_jobctl_pending Check Use of Function:wake_q_add Check Use of Function:invalidate_bdev Check Use of Function:current_umask Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.230015, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.230015, align 8 %7 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %8 = load %struct.sock.230350*, %struct.sock.230350** %7, align 8 %9 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.230172*, %struct.net.230172** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.230015* %6 to i8* %14 = icmp ult i32 %2, 2 br i1 %14, label %223, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %223 %20 = icmp eq i32 %2, 2 br 
i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %223, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 1 %56 = bitcast %struct.socket.230347* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.230015, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.230015, align 8 %7 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %8 = load %struct.sock.230350*, %struct.sock.230350** %7, align 8 %9 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.230172*, %struct.net.230172** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.230015* %6 to i8* %14 = icmp ult i32 %2, 2 br i1 %14, label %223, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 
%17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %223 %20 = icmp eq i32 %2, 2 br i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %223, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 1 %56 = bitcast %struct.socket.230347* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.230015, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.230015, align 8 %7 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %8 = load %struct.sock.230350*, %struct.sock.230350** %7, align 8 %9 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.230172*, %struct.net.230172** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.230015* %6 to i8* %14 = icmp ult i32 %2, 2 
br i1 %14, label %223, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %223 %20 = icmp eq i32 %2, 2 br i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %223, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 1 %56 = bitcast %struct.socket.230347* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.197100** %9 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %8, align 64 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr 
%struct.nfs_server.197100, %struct.nfs_server.197100* %9, i64 0, i32 33, i64 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 131072 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %22 %16 = tail call i32 @current_umask() #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, align 64 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %10, i64 0, i32 33, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %17 = tail call i32 @current_umask() #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.726, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.726* %7 to i8* %15 = getelementptr inbounds 
%struct.iattr.726, %struct.iattr.726* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = icmp eq %struct.inode.733* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %38 = load %struct.super_block.720*, %struct.super_block.720** %37, align 8 %39 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %38, i64 0, i32 30 %40 = bitcast i8** %39 to %struct.nfs_server.178497** %41 = load %struct.nfs_server.178497*, %struct.nfs_server.178497** %40, align 64 %42 = getelementptr inbounds %struct.nfs_server.178497, %struct.nfs_server.178497* %41, i64 0, i32 22 %43 = load i32, i32* %42, align 8 %44 = icmp ugt i32 %36, %43 br i1 %44, label %306, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %49 = getelementptr %struct.nfs_server.178497, %struct.nfs_server.178497* %41, i64 0, i32 33, i64 2 %50 = load i32, i32* %49, align 4 %51 = and i32 %50, 131072 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %58 %54 = call i32 @current_umask() #69 ------------- Good: 17 Bad: 6 Ignored: 18 Check Use of Function:sg_new_read Check Use of Function:__mnt_drop_write Check Use of Function:security_msg_queue_msgsnd Check Use of Function:dev_change_net_namespace Check Use of 
Function:follow_managed Check Use of Function:kernel_wait4 Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** 
%5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, 
%struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 ------------- Good: 1 Bad: 5 Ignored: 3 Check Use of Function:reboot_pid_ns Check Use of Function:isofs_lookup Check Use of Function:xt_free_table_info Check Use of Function:dquot_add_space Check Use of Function:compat_table_info.59431 Check Use of Function:cpus_read_unlock Use: =BAD PATH= Call Stack: 0 store.51090 ------------- Path:  Function:store.51090 %5 = getelementptr %struct.kobject.543007, %struct.kobject.543007* %0, i64 -3, i32 1 %6 = bitcast %struct.list_head* %5 to %struct.cpufreq_policy.543029* %7 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1, i32 1 %8 = bitcast i16* %7 to i64 (%struct.cpufreq_policy.543029*, i8*, i64)** %9 = load i64 (%struct.cpufreq_policy.543029*, i8*, i64)*, i64 (%struct.cpufreq_policy.543029*, i8*, i64)** %8, align 8 %10 = icmp eq i64 (%struct.cpufreq_policy.543029*, i8*, i64)* %9, null br i1 %10, label %28, label %11 %12 = tail call i32 @cpus_read_trylock() #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %28, label %14 %15 = getelementptr inbounds %struct.cpufreq_policy.543029, %struct.cpufreq_policy.543029* %6, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %17) #6, !srcloc !4 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %26, label %21 %27 = phi i64 [ %25, %21 ], [ -22, %14 ] tail call void @cpus_read_unlock() #69 ------------- Good: 74 Bad: 1 Ignored: 0 Check Use of Function:security_inode_removexattr Check Use of Function:get_net_ns_by_id Check Use of Function:local_bh_enable.59161 Check Use of Function:__put_net Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = 
getelementptr inbounds %struct.file.152824, %struct.file.152824* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.152516** %5 = load %struct.seq_file.152516*, %struct.seq_file.152516** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.152516, %struct.seq_file.152516* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.seq_net_private** %8 = load %struct.seq_net_private*, %struct.seq_net_private** %7, align 8 %9 = getelementptr inbounds %struct.seq_net_private, %struct.seq_net_private* %8, i64 0, i32 0 %10 = load %struct.net.152719*, %struct.net.152719** %9, align 8 %11 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %10, i64 0, i32 1, i32 0, i32 0 %12 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32* %11) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %16, label %15 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file.152824, %struct.file.152824* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.152516** %5 = load %struct.seq_file.152516*, %struct.seq_file.152516** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.152516, %struct.seq_file.152516* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.net.152719** %8 = load 
%struct.net.152719*, %struct.net.152719** %7, align 8 %9 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %8, i64 0, i32 1, i32 0, i32 0 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %5 = getelementptr inbounds %struct.path.152821, %struct.path.152821* %0, i64 0, i32 1 %6 = load %struct.dentry.152819*, %struct.dentry.152819** %5, align 8 %7 = getelementptr inbounds %struct.dentry.152819, %struct.dentry.152819* %6, i64 0, i32 5 %8 = load %struct.inode.152815*, %struct.inode.152815** %7, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = getelementptr %struct.inode.152815, %struct.inode.152815* %8, i64 -1, i32 40, i32 12, i32 1 %10 = bitcast %struct.list_head** %9 to %struct.pid** %11 = load %struct.pid*, %struct.pid** %10, align 8 %12 = tail call %struct.task_struct.152773* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.152773* (%struct.pid*, i32)*)(%struct.pid* %11, i32 0) #69 %13 = icmp eq %struct.task_struct.152773* %12, null br i1 %13, label %27, label %14 %28 = phi 
%struct.net.152719* [ %24, %23 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void bitcast (void (%struct.inode.39644*, %struct.kstat*)* @generic_fillattr to void (%struct.inode.152815*, %struct.kstat*)*)(%struct.inode.152815* %8, %struct.kstat* %1) #69 %29 = icmp eq %struct.net.152719* %28, null br i1 %29, label %41, label %30 %31 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %28, i64 0, i32 13 %32 = load %struct.proc_dir_entry.152614*, %struct.proc_dir_entry.152614** %31, align 8 %33 = getelementptr inbounds %struct.proc_dir_entry.152614, %struct.proc_dir_entry.152614* %32, i64 0, i32 13 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.kstat, %struct.kstat* %1, i64 0, i32 2 store i32 %34, i32* %35, align 8 %36 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %28, i64 0, i32 1, i32 0, i32 0 %37 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32* %36) #6, !srcloc !9 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* nonnull %28) #69 ------------- Good: 57 Bad: 3 Ignored: 48 Check Use of Function:sock_read_iter Check Use of Function:_isofs_bmap Check Use of Function:dev_change_tx_queue_len Check Use of Function:walk_component Check Use of Function:vfat_create Check Use 
of Function:proc_root_lookup Check Use of Function:disk_part_iter_init Check Use of Function:urandom_read_iter Check Use of Function:fsnotify_get_cookie Check Use of Function:security_task_fix_setuid Check Use of Function:mmc_ioctl_cdrom_read_audio Check Use of Function:set_fs_root Check Use of Function:simple_lookup Check Use of Function:sr_drive_status Check Use of Function:__ipv6_dev_ac_inc Check Use of Function:sr_get_mcn Check Use of Function:cdrom_count_tracks Check Use of Function:lookup_fast Check Use of Function:efivar_entry_iter_end Check Use of Function:ext4_rename2 Check Use of Function:msdos_lookup Check Use of Function:bpf_get_trace_printk_proto Check Use of Function:do_ip6t_get_ctl Check Use of Function:sr_packet Check Use of Function:vm_stat_account Check Use of Function:match_string Check Use of Function:mmc_ioctl_cdrom_play_msf Check Use of Function:mqueue_unlink Check Use of Function:rescan_partitions Check Use of Function:handle_dots Check Use of Function:sr_tray_move Check Use of Function:bcmp Use: =BAD PATH= Call Stack: 0 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.151727, %struct.inode.151727* %0, i64 -1, i32 40, i32 12, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.pid.151621** %6 = load %struct.pid.151621*, %struct.pid.151621** %5, align 8 %7 = tail call %struct.task_struct.151684* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.151684* (%struct.pid.151621*, i32)*)(%struct.pid.151621* %6, i32 0) #69 %8 = icmp eq %struct.task_struct.151684* %7, null br i1 %8, label %53, label %9 %10 = getelementptr inbounds %struct.dentry.151730, %struct.dentry.151730* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.151730, %struct.dentry.151730* %1, i64 0, i32 4, 
i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.151591** [ getelementptr inbounds ([7 x %struct.proc_ns_operations.151591*], [7 x %struct.proc_ns_operations.151591*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.151591*, %struct.proc_ns_operations.151591** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.151591, %struct.proc_ns_operations.151591* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #70 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.197121** %6 = load %struct.nfs_unlinkdata.197121*, %struct.nfs_unlinkdata.197121** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 
br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, 
label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load 
%struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.nfs_renamedata.197124** %7 = load %struct.nfs_renamedata.197124*, %struct.nfs_renamedata.197124** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %8, align 8 %10 = icmp eq %struct.nfs4_slot.197116* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.197124, 
%struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, 
%struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, 
i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.197148, 
%struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %51 = load %struct.inode.733*, %struct.inode.733** %50, align 8 call void bitcast (void (%struct.inode.180634*)* @nfs_invalidate_atime to void (%struct.inode.733*)*)(%struct.inode.733* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %54 = bitcast {}** %53 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %55 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, align 64 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to 
%struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %61 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %41 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %41, i64 0, i32 4 %43 = bitcast %struct.nfs4_state.197134** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.733** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 
@nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 
@nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, 
%struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, 
%struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %62 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %36 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %36, i64 0, i32 4 %38 = bitcast %struct.nfs4_state.197134** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.733** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 
= getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %50 = load %struct.super_block.720*, %struct.super_block.720** %49, align 8 %51 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.nfs_server.197100** %53 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %52, align 64 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %53, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null 
%17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label 
%35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.733* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page.694*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = 
alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.694*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* 
%39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %56 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %55, i64 0, i32 0, i32 0 %57 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %57, i64 9, i32 1 %59 = bitcast %struct.spinlock* %55 to i8* %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %61 %62 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %63 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %62, 
i64 0, i32 30 %64 = bitcast i8** %63 to %struct.nfs_server.197100** %65 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %64, align 64 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page.694** %21, %struct.page.694*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 br i1 %31, label %164, label %66 %67 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %65, i64 0, i32 9 %68 = load i32, i32* %67, align 4 %69 = and i32 %68, 8 %70 = icmp eq i32 %69, 0 %71 = or i1 %70, %33 %72 = select i1 %70, i32 -95, i32 -34 br i1 %71, label %164, label %73 %74 = phi i32 [ %97, %86 ], [ 0, %66 ] %75 = phi %struct.page.694** [ %96, %86 ], [ %21, %66 ] %76 = phi i64 [ %95, %86 ], [ %2, %66 ] %77 = phi i8* [ %94, %86 ], [ %1, %66 ] %78 = icmp ult i64 %76, 4096 %79 = select i1 %78, i64 %76, i64 4096 %80 = call %struct.page.694* bitcast (%struct.page.39615* (i32, i32)* @alloc_pages_current to %struct.page.694* (i32, i32)*)(i32 6291648, i32 0) #69 %81 = icmp eq %struct.page.694* %80, null br i1 %81, label %82, label %86 %83 = icmp sgt i32 %74, 0 br i1 %83, label %84, label %164 %85 = zext i32 %74 to i64 br label %99 %100 = phi i64 [ %85, %84 ], [ %107, %99 ] %101 = phi i32 [ %74, %84 ], [ %102, %99 ] %102 = add nsw i32 %101, -1 %103 = zext i32 %102 to i64 %104 = getelementptr [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 %103 %105 = load %struct.page.694*, %struct.page.694** %104, align 8 call void bitcast (void (%struct.page.102549*, i32)* @__free_pages to void 
(%struct.page.694*, i32)*)(%struct.page.694* %105, i32 0) #69 %106 = icmp sgt i64 %100, 1 %107 = add nsw i64 %100, -1 br i1 %106, label %99, label %164 %165 = phi i32 [ %134, %161 ], [ -22, %61 ], [ %72, %66 ], [ %97, %108 ], [ -12, %82 ], [ -12, %99 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %166)) #6 to label %188 [label %166], !srcloc !8 switch i32 %165, label %189 [ i32 -10039, label %198 i32 -10041, label %198 ] %190 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %191 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %190, i64 0, i32 30 %192 = bitcast i8** %191 to %struct.nfs_server.197100** %193 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %192, align 64 %194 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %193, i32 %165, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load 
%struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 
to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* 
dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds 
%struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %103 = phi i32 [ %92, %100 ], [ -12, %65 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %104)) #6 to label %126 [label %104], !srcloc !4 %127 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %128 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %127, i64 0, i32 30 %129 = bitcast i8** %128 to %struct.nfs_server.197100** %130 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %129, align 64 %131 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %130, i32 %103, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne 
%struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = 
icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.694*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = bitcast %struct.page.694** %6 to i8* %10 = icmp ugt i32 %3, 4096 %11 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = getelementptr 
%struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %15 store %struct.page.694* %2, %struct.page.694** %6, align 8 br i1 %10, label %72, label %16 %73 = phi i32 [ -36, %15 ], [ %71, %20 ], [ -12, %16 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %98 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %97, i64 0, i32 30 %99 = bitcast i8** %98 to %struct.nfs_server.197100** %100 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %99, align 64 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %100, i32 %73, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, 
%struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to 
%struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* 
dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds 
%struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 br label %78 %79 = phi i32 [ 0, %56 ], [ %77, %76 ] %80 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %79, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load 
%struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.201732, %struct.nfs_client.201732* %9, i64 0, i32 29 %19 = load %struct.nfs4_minor_version_ops.201728*, %struct.nfs4_minor_version_ops.201728** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.201728, %struct.nfs4_minor_version_ops.201728* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.197121** %6 = load %struct.nfs_unlinkdata.197121*, %struct.nfs_unlinkdata.197121** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 
30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr 
inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.nfs_renamedata.197124** %7 = load %struct.nfs_renamedata.197124*, %struct.nfs_renamedata.197124** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %8, align 8 %10 = icmp eq %struct.nfs4_slot.197116* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 
30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = 
getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, 
label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %51 = load %struct.inode.733*, %struct.inode.733** %50, align 8 call void bitcast (void (%struct.inode.180634*)* @nfs_invalidate_atime to void (%struct.inode.733*)*)(%struct.inode.733* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %54 = bitcast {}** %53 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %55 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, align 64 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 
()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %61 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %41 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %41, i64 0, i32 4 %43 = bitcast %struct.nfs4_state.197134** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.733** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, 
align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* 
nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call 
i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, 
%struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, 
%struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %62 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %36 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %36, i64 0, i32 4 %38 = bitcast %struct.nfs4_state.197134** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.733** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %50 = load %struct.super_block.720*, %struct.super_block.720** %49, align 8 %51 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %50, i64 0, i32 30 %52 = bitcast 
i8** %51 to %struct.nfs_server.197100** %53 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %52, align 64 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %53, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 
-10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = 
phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.733* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page.694*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.694*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x 
%struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %48 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %56 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %55, i64 0, i32 0, i32 0 %57 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %57, i64 9, i32 1 %59 = bitcast %struct.spinlock* %55 to i8* %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %61 %62 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %63 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %62, i64 0, i32 30 %64 = bitcast i8** %63 to %struct.nfs_server.197100** %65 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %64, align 64 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page.694** %21, %struct.page.694*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 br i1 %31, label %164, label %66 %67 = getelementptr inbounds 
%struct.nfs_server.197100, %struct.nfs_server.197100* %65, i64 0, i32 9 %68 = load i32, i32* %67, align 4 %69 = and i32 %68, 8 %70 = icmp eq i32 %69, 0 %71 = or i1 %70, %33 %72 = select i1 %70, i32 -95, i32 -34 br i1 %71, label %164, label %73 %74 = phi i32 [ %97, %86 ], [ 0, %66 ] %75 = phi %struct.page.694** [ %96, %86 ], [ %21, %66 ] %76 = phi i64 [ %95, %86 ], [ %2, %66 ] %77 = phi i8* [ %94, %86 ], [ %1, %66 ] %78 = icmp ult i64 %76, 4096 %79 = select i1 %78, i64 %76, i64 4096 %80 = call %struct.page.694* bitcast (%struct.page.39615* (i32, i32)* @alloc_pages_current to %struct.page.694* (i32, i32)*)(i32 6291648, i32 0) #69 %81 = icmp eq %struct.page.694* %80, null br i1 %81, label %82, label %86 %83 = icmp sgt i32 %74, 0 br i1 %83, label %84, label %164 %85 = zext i32 %74 to i64 br label %99 %100 = phi i64 [ %85, %84 ], [ %107, %99 ] %101 = phi i32 [ %74, %84 ], [ %102, %99 ] %102 = add nsw i32 %101, -1 %103 = zext i32 %102 to i64 %104 = getelementptr [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 %103 %105 = load %struct.page.694*, %struct.page.694** %104, align 8 call void bitcast (void (%struct.page.102549*, i32)* @__free_pages to void (%struct.page.694*, i32)*)(%struct.page.694* %105, i32 0) #69 %106 = icmp sgt i64 %100, 1 %107 = add nsw i64 %100, -1 br i1 %106, label %99, label %164 %165 = phi i32 [ %134, %161 ], [ -22, %61 ], [ %72, %66 ], [ %97, %108 ], [ -12, %82 ], [ -12, %99 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %166)) #6 to label %188 [label 
%166], !srcloc !8 switch i32 %165, label %189 [ i32 -10039, label %198 i32 -10041, label %198 ] %190 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %191 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %190, i64 0, i32 30 %192 = bitcast i8** %191 to %struct.nfs_server.197100** %193 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %192, align 64 %194 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %193, i32 %165, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 
%17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr 
inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds 
%struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 
= bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* 
%29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %103 = phi i32 [ %92, %100 ], [ -12, %65 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %104)) #6 to label %126 [label %104], !srcloc !4 %127 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %128 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %127, i64 0, i32 30 %129 = bitcast i8** %128 to %struct.nfs_server.197100** %130 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %129, align 64 %131 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %130, i32 %103, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** 
%5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.694*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast 
%struct.nfs4_exception* %7 to i8* %9 = bitcast %struct.page.694** %6 to i8* %10 = icmp ugt i32 %3, 4096 %11 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %15 store %struct.page.694* %2, %struct.page.694** %6, align 8 br i1 %10, label %72, label %16 %73 = phi i32 [ -36, %15 ], [ %71, %20 ], [ -12, %16 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %98 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %97, i64 0, i32 30 %99 = bitcast i8** %98 to %struct.nfs_server.197100** %100 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %99, align 64 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %100, i32 %73, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr 
inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 
= load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 
nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 
0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store 
%struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 br label %78 %79 = phi i32 [ 0, %56 ], [ %77, %76 ] %80 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %79, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, 
align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
%12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.197121** %6 = load %struct.nfs_unlinkdata.197121*, %struct.nfs_unlinkdata.197121** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 1 %21 = load 
%struct.nfs_server.197100*, %struct.nfs_server.197100** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, 
i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %6 = 
bitcast i8** %5 to %struct.nfs_renamedata.197124** %7 = load %struct.nfs_renamedata.197124*, %struct.nfs_renamedata.197124** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %8, align 8 %10 = icmp eq %struct.nfs4_slot.197116* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to 
%struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr 
inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* 
@nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %51 = load %struct.inode.733*, %struct.inode.733** %50, align 8 call void bitcast (void (%struct.inode.180634*)* @nfs_invalidate_atime to void (%struct.inode.733*)*)(%struct.inode.733* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %54 = bitcast {}** %53 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %55 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, 
align 64 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %61 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %41 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %41, i64 0, i32 4 %43 = bitcast %struct.nfs4_state.197134** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.733** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* 
%52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, 
label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br 
label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, 
%struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %47 = load 
i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %62 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %36 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %36, i64 0, i32 4 %38 = bitcast %struct.nfs4_state.197134** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 
= bitcast %struct.nfs_pgio_header.197148* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.733** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %50 = load %struct.super_block.720*, %struct.super_block.720** %49, align 8 %51 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.nfs_server.197100** %53 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %52, align 64 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %53, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr 
inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds 
%struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 
@bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.733* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page.694*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.694*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** 
%27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %56 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %55, i64 0, i32 0, i32 0 %57 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %57, i64 9, i32 1 %59 = bitcast %struct.spinlock* %55 to i8* %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %61 %62 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %63 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %62, i64 0, i32 30 %64 = bitcast i8** %63 to %struct.nfs_server.197100** %65 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %64, align 64 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page.694** %21, %struct.page.694*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 br i1 %31, label %164, label %66 %67 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %65, i64 0, i32 9 %68 = load i32, i32* %67, align 4 %69 = and i32 %68, 8 %70 = icmp eq i32 %69, 0 %71 = or i1 %70, %33 %72 = select i1 %70, i32 -95, i32 -34 br i1 %71, label %164, label %73 %74 = phi i32 [ %97, %86 ], [ 0, %66 ] %75 = phi %struct.page.694** [ %96, %86 ], [ %21, %66 ] %76 = phi i64 [ %95, %86 ], [ %2, %66 ] %77 = phi i8* [ %94, %86 ], [ %1, %66 ] %78 = icmp ult i64 %76, 4096 %79 = select i1 %78, i64 %76, i64 
4096 %80 = call %struct.page.694* bitcast (%struct.page.39615* (i32, i32)* @alloc_pages_current to %struct.page.694* (i32, i32)*)(i32 6291648, i32 0) #69 %81 = icmp eq %struct.page.694* %80, null br i1 %81, label %82, label %86 %83 = icmp sgt i32 %74, 0 br i1 %83, label %84, label %164 %85 = zext i32 %74 to i64 br label %99 %100 = phi i64 [ %85, %84 ], [ %107, %99 ] %101 = phi i32 [ %74, %84 ], [ %102, %99 ] %102 = add nsw i32 %101, -1 %103 = zext i32 %102 to i64 %104 = getelementptr [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 %103 %105 = load %struct.page.694*, %struct.page.694** %104, align 8 call void bitcast (void (%struct.page.102549*, i32)* @__free_pages to void (%struct.page.694*, i32)*)(%struct.page.694* %105, i32 0) #69 %106 = icmp sgt i64 %100, 1 %107 = add nsw i64 %100, -1 br i1 %106, label %99, label %164 %165 = phi i32 [ %134, %161 ], [ -22, %61 ], [ %72, %66 ], [ %97, %108 ], [ -12, %82 ], [ -12, %99 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %166)) #6 to label %188 [label %166], !srcloc !8 switch i32 %165, label %189 [ i32 -10039, label %198 i32 -10041, label %198 ] %190 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %191 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %190, i64 0, i32 30 %192 = bitcast i8** %191 to %struct.nfs_server.197100** %193 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %192, align 64 %194 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %193, i32 
%165, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label 
%61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, 
%struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 
0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, 
%struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %103 = phi i32 [ %92, %100 ], [ -12, %65 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %104)) #6 to label %126 [label %104], !srcloc !4 %127 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %128 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %127, i64 0, i32 30 %129 = bitcast i8** %128 to %struct.nfs_server.197100** %130 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %129, align 64 %131 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %130, i32 %103, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, 
%struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds 
%struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = 
and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.694*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = bitcast %struct.page.694** %6 to i8* %10 = icmp ugt i32 %3, 4096 %11 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %15 store %struct.page.694* %2, %struct.page.694** %6, align 8 br i1 %10, label %72, label %16 %73 = phi i32 [ -36, %15 ], [ %71, %20 ], [ -12, %16 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %98 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %97, i64 0, i32 30 %99 = bitcast i8** %98 to 
%struct.nfs_server.197100** %100 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %99, align 64 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %100, i32 %73, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, 
label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 
0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds 
%struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 br label %78 %79 = phi i32 [ 0, %56 ], [ %77, %76 ] %80 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %79, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = 
getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne 
%struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label 
%101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.197121** %6 = load %struct.nfs_unlinkdata.197121*, %struct.nfs_unlinkdata.197121** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, 
i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, 
%struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, 
%struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.nfs_renamedata.197124** %7 = load %struct.nfs_renamedata.197124*, %struct.nfs_renamedata.197124** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %8, align 8 %10 = icmp eq %struct.nfs4_slot.197116* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %21, align 8 %23 = 
getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = 
icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 
%61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 
-10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %51 = load %struct.inode.733*, %struct.inode.733** %50, align 8 call void bitcast (void (%struct.inode.180634*)* @nfs_invalidate_atime to void (%struct.inode.733*)*)(%struct.inode.733* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.197148, 
%struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %54 = bitcast {}** %53 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %55 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, align 64 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %61 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds 
%struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %41 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %41, i64 0, i32 4 %43 = bitcast %struct.nfs4_state.197134** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.733** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr 
inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = 
bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 
%45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call 
Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* 
nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* 
@__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %62 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %36 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %36, i64 0, i32 4 %38 = bitcast %struct.nfs4_state.197134** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.733** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %50 = load %struct.super_block.720*, %struct.super_block.720** %49, align 8 %51 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.nfs_server.197100** %53 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %52, align 64 %54 = call 
fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %53, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 
-10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast 
i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds 
%struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.733* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page.694*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.694*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = 
getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 
%47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %56 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %55, i64 0, i32 0, i32 0 %57 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %57, i64 9, i32 1 %59 = bitcast %struct.spinlock* %55 to i8* %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %61 %62 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %63 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %62, i64 0, i32 30 %64 = bitcast i8** %63 to %struct.nfs_server.197100** %65 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %64, align 64 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page.694** %21, %struct.page.694*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 
store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 br i1 %31, label %164, label %66 %67 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %65, i64 0, i32 9 %68 = load i32, i32* %67, align 4 %69 = and i32 %68, 8 %70 = icmp eq i32 %69, 0 %71 = or i1 %70, %33 %72 = select i1 %70, i32 -95, i32 -34 br i1 %71, label %164, label %73 %74 = phi i32 [ %97, %86 ], [ 0, %66 ] %75 = phi %struct.page.694** [ %96, %86 ], [ %21, %66 ] %76 = phi i64 [ %95, %86 ], [ %2, %66 ] %77 = phi i8* [ %94, %86 ], [ %1, %66 ] %78 = icmp ult i64 %76, 4096 %79 = select i1 %78, i64 %76, i64 4096 %80 = call %struct.page.694* bitcast (%struct.page.39615* (i32, i32)* @alloc_pages_current to %struct.page.694* (i32, i32)*)(i32 6291648, i32 0) #69 %81 = icmp eq %struct.page.694* %80, null br i1 %81, label %82, label %86 %83 = icmp sgt i32 %74, 0 br i1 %83, label %84, label %164 %85 = zext i32 %74 to i64 br label %99 %100 = phi i64 [ %85, %84 ], [ %107, %99 ] %101 = phi i32 [ %74, %84 ], [ %102, %99 ] %102 = add nsw i32 %101, -1 %103 = zext i32 %102 to i64 %104 = getelementptr [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 %103 %105 = load %struct.page.694*, %struct.page.694** %104, align 8 call void bitcast (void (%struct.page.102549*, i32)* @__free_pages to void (%struct.page.694*, i32)*)(%struct.page.694* %105, i32 0) #69 %106 = icmp sgt i64 %100, 1 %107 = add nsw i64 %100, -1 br i1 %106, label %99, label %164 %165 = phi i32 [ %134, %161 ], [ -22, %61 ], [ %72, %66 ], [ %97, %108 ], [ -12, %82 ], [ -12, %99 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl 
to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %166)) #6 to label %188 [label %166], !srcloc !8 switch i32 %165, label %189 [ i32 -10039, label %198 i32 -10041, label %198 ] %190 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %191 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %190, i64 0, i32 30 %192 = bitcast i8** %191 to %struct.nfs_server.197100** %193 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %192, align 64 %194 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %193, i32 %165, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, 
%15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* 
%15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, 
%struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* 
%5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, 
%struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* 
getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %103 = phi i32 [ %92, %100 ], [ -12, %65 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %104)) #6 to label %126 [label %104], !srcloc !4 %127 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %128 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %127, i64 0, i32 30 %129 = bitcast i8** %128 to %struct.nfs_server.197100** %130 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %129, align 64 %131 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %130, i32 %103, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, 
%struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void 
@nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 
0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, 
%struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.694*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = bitcast %struct.page.694** %6 to i8* %10 = icmp ugt i32 %3, 4096 %11 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %15 store %struct.page.694* %2, %struct.page.694** %6, align 8 br i1 %10, label %72, label %16 %73 = phi i32 [ -36, %15 ], [ %71, %20 ], [ -12, %16 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %98 = getelementptr inbounds 
%struct.super_block.720, %struct.super_block.720* %97, i64 0, i32 30 %99 = bitcast i8** %98 to %struct.nfs_server.197100** %100 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %99, align 64 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %100, i32 %73, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 
-10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = 
bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 @bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* 
%67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* %74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, 
%struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 br label %78 %79 = phi i32 [ 0, %56 ], [ %77, %76 ] %80 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %79, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 
%6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 tail call void @nfs_inode_find_state_and_recover(%struct.inode.733* nonnull 
%11, %struct.nfs4_stateid_struct* nonnull %19) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.198646** %7 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %7, i64 0, i32 0 %9 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %8, align 8 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %12 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %11, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 18 %14 = bitcast %struct.anon.48* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = bitcast i8* %15 to %struct.anon.48* %17 = icmp eq %struct.anon.48* %13, %16 br i1 %17, label %107, label %18 %19 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %20 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %9, i64 0, i32 20 %21 = bitcast i64* %20 to i8* br label %22 %23 = phi i8* [ %15, %18 ], [ %104, %101 ] %24 = phi i8 [ 0, %18 ], [ %102, %101 ] %25 = getelementptr i8, i8* %23, i64 -32 %26 = bitcast i8* %25 to %struct.nfs4_state.198680** %27 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %26, align 8 %28 = icmp eq %struct.nfs4_state.198680* %27, null br i1 %28, label %101, label %29 %30 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %31 = tail call i32 
@bcmp(i8* dereferenceable(12) %30, i8* dereferenceable(12) %19, i64 12) #6 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %44 %34 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %35 = load volatile i64, i64* %34, align 8 %36 = and i64 %35, 512 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %44 %45 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %46 = tail call i32 @bcmp(i8* dereferenceable(12) %45, i8* dereferenceable(12) %19, i64 12) #6 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %59 %49 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %50 = load volatile i64, i64* %49, align 8 %51 = and i64 %50, 512 %52 = icmp eq i64 %51, 0 br i1 %52, label %53, label %59 %60 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 5 %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %101, label %64 %65 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 6 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #69 %67 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %27, i64 0, i32 2 %68 = bitcast %struct.list_head* %67 to %struct.nfs4_lock_state.198705** %69 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %68, align 8 %70 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %69, i64 0, i32 0 %71 = icmp eq %struct.list_head* %70, %67 br i1 %71, label %87, label %72 %73 = phi %struct.nfs4_lock_state.198705* [ %84, %82 ], [ %69, %64 ] %74 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 2 %75 = load volatile i64, i64* 
%74, align 8 %76 = and i64 %75, 1 %77 = icmp eq i64 %76, 0 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %73, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %80 = tail call i32 @bcmp(i8* dereferenceable(12) %79, i8* dereferenceable(12) %19, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.197121** %6 = load %struct.nfs_unlinkdata.197121*, %struct.nfs_unlinkdata.197121** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 
@nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label 
%53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.nfs_renamedata.197124** %7 = load %struct.nfs_renamedata.197124*, %struct.nfs_renamedata.197124** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %8, align 8 %10 = icmp eq %struct.nfs4_slot.197116* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 
%26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select 
i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* 
%5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds 
%struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label 
%19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %51 = load %struct.inode.733*, %struct.inode.733** %50, align 8 call void bitcast (void (%struct.inode.180634*)* @nfs_invalidate_atime to void (%struct.inode.733*)*)(%struct.inode.733* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %54 = bitcast {}** %53 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %55 = load 
i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %7 = load %struct.super_block.720*, %struct.super_block.720** %6, align 8 %8 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.nfs_server.197100** %10 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %9, align 64 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %61 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %41 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %40, 
align 8 %42 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %41, i64 0, i32 4 %43 = bitcast %struct.nfs4_state.197134** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.733** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.197100* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, 
label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb 
$1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 
nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 %29 
= icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 24 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.197148*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.197148* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 
1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %62 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %36 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %36, i64 0, i32 4 %38 = bitcast %struct.nfs4_state.197134** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.197148* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.733** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 8 %50 = load %struct.super_block.720*, %struct.super_block.720** %49, align 8 %51 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.nfs_server.197100** %53 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %52, align 64 %54 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* 
%0, %struct.nfs_server.197100* %53, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %1, i64 0, i32 0 %6 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label 
%58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, 
!srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.733* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page.694*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.694*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = 
getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* 
%46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 18 %56 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %55, i64 0, i32 0, i32 0 %57 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %57, i64 9, i32 1 %59 = bitcast %struct.spinlock* %55 to i8* %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %61 %62 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %63 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %62, i64 0, i32 30 %64 = bitcast i8** %63 to %struct.nfs_server.197100** %65 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %64, align 64 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page.694** %21, %struct.page.694*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** 
%26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 br i1 %31, label %164, label %66 %67 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %65, i64 0, i32 9 %68 = load i32, i32* %67, align 4 %69 = and i32 %68, 8 %70 = icmp eq i32 %69, 0 %71 = or i1 %70, %33 %72 = select i1 %70, i32 -95, i32 -34 br i1 %71, label %164, label %73 %74 = phi i32 [ %97, %86 ], [ 0, %66 ] %75 = phi %struct.page.694** [ %96, %86 ], [ %21, %66 ] %76 = phi i64 [ %95, %86 ], [ %2, %66 ] %77 = phi i8* [ %94, %86 ], [ %1, %66 ] %78 = icmp ult i64 %76, 4096 %79 = select i1 %78, i64 %76, i64 4096 %80 = call %struct.page.694* bitcast (%struct.page.39615* (i32, i32)* @alloc_pages_current to %struct.page.694* (i32, i32)*)(i32 6291648, i32 0) #69 %81 = icmp eq %struct.page.694* %80, null br i1 %81, label %82, label %86 %83 = icmp sgt i32 %74, 0 br i1 %83, label %84, label %164 %85 = zext i32 %74 to i64 br label %99 %100 = phi i64 [ %85, %84 ], [ %107, %99 ] %101 = phi i32 [ %74, %84 ], [ %102, %99 ] %102 = add nsw i32 %101, -1 %103 = zext i32 %102 to i64 %104 = getelementptr [16 x %struct.page.694*], [16 x %struct.page.694*]* %6, i64 0, i64 %103 %105 = load %struct.page.694*, %struct.page.694** %104, align 8 call void bitcast (void (%struct.page.102549*, i32)* @__free_pages to void (%struct.page.694*, i32)*)(%struct.page.694* %105, i32 0) #69 %106 = icmp sgt i64 %100, 1 %107 = add nsw i64 %100, -1 br i1 %106, label %99, label %164 %165 = phi i32 [ %134, %161 ], [ -22, %61 ], [ %72, %66 ], [ %97, %108 ], [ -12, %82 ], [ -12, %99 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %166)) #6 to label %188 [label %166], !srcloc !8 switch i32 %165, label %189 [ i32 -10039, label %198 i32 -10041, label %198 ] %190 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %191 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %190, i64 0, i32 30 %192 = bitcast i8** %191 to %struct.nfs_server.197100** %193 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %192, align 64 %194 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %193, i32 %165, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq 
%struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = 
getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 
Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* 
%0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 
0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 
8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %103 = phi i32 [ %92, %100 ], [ -12, %65 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %104)) #6 to label %126 [label %104], !srcloc !4 %127 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %128 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %127, i64 0, i32 30 %129 = bitcast i8** %128 to %struct.nfs_server.197100** %130 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %129, align 64 %131 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %130, i32 %103, 
%struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 
-10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds 
%struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr 
%struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.694*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = bitcast %struct.page.694** %6 to i8* %10 = icmp ugt i32 %3, 4096 %11 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %15 store %struct.page.694* %2, %struct.page.694** %6, align 8 br i1 %10, label %72, label %16 %73 = phi i32 [ -36, %15 ], [ %71, %20 ], [ -12, %16 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, 
%struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %98 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %97, i64 0, i32 30 %99 = bitcast i8** %98 to %struct.nfs_server.197100** %100 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %99, align 64 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %100, i32 %73, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds 
%struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and 
i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load 
%struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load %struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds 
%struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr 
inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 
%54, 0 br i1 %55, label %56, label %57 br label %78 %79 = phi i32 [ 0, %56 ], [ %77, %76 ] %80 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %79, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.197100* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %5 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %9 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, -15 store i8 %14, i8* %12, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %9, null %16 = icmp ne %struct.nfs4_state.197134* %7, null %17 = and i1 %16, %15 %18 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %7, i64 0, i32 8 %19 = select i1 %17, %struct.nfs4_stateid_struct* %18, %struct.nfs4_stateid_struct* %9 switch i32 %1, label %76 [ i32 0, label %90 i32 -10041, label %63 i32 -10039, label %63 i32 -10087, label %20 i32 -10047, label %20 i32 -10011, label %20 i32 -10025, label %20 i32 -10038, label %25 i32 -10023, label %44 i32 -10022, label %44 i32 -10019, 
label %45 i32 -10031, label %48 i32 -10046, label %49 i32 -10008, label %53 i32 -10013, label %58 i32 -10058, label %58 i32 -10061, label %58 i32 -10068, label %61 i32 -10024, label %61 ] %21 = icmp ne %struct.inode.733* %11, null %22 = icmp ne %struct.nfs4_stateid_struct* %19, null %23 = and i1 %21, %22 br i1 %23, label %24, label %25 %26 = icmp eq %struct.inode.733* %11, null br i1 %26, label %39, label %27 %28 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode.733* nonnull %11, %struct.nfs4_stateid_struct* %19) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %87, label %30 %31 = icmp eq %struct.nfs4_stateid_struct* %19, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %19, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 4 br i1 %35, label %36, label %39 %40 = icmp eq %struct.nfs4_state.197134* %7, null br i1 %40, label %79, label %41 %42 = tail call i32 bitcast (i32 (%struct.nfs_server.198646*, %struct.nfs4_state.198680*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.197100*, %struct.nfs4_state.197134*)*)(%struct.nfs_server.197100* %0, %struct.nfs4_state.197134* nonnull %7) #69 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %0, i64 0, i32 0 %4 = load %struct.nfs_client.198717*, %struct.nfs_client.198717** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i8 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.198717, %struct.nfs_client.198717* %4, i64 0, i32 20 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i8 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 4 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode.733* %18, %struct.nfs4_stateid_struct* %19) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %4 = load %struct.super_block.720*, %struct.super_block.720** %3, align 8 %5 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.201664** %7 = load %struct.nfs_server.201664*, %struct.nfs_server.201664** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.201664, %struct.nfs_server.201664* %7, i64 0, i32 0 %9 = load 
%struct.nfs_client.201732*, %struct.nfs_client.201732** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %11 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 25, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.201657* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.201657, %struct.nfs_delegation.201657* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %180, label %9 %10 = getelementptr inbounds %struct.inode.220487, %struct.inode.220487* %0, i64 0, i32 8 %11 = load %struct.super_block.220468*, %struct.super_block.220468** %10, align 8 %12 = getelementptr inbounds %struct.super_block.220468, %struct.super_block.220468* %11, i64 0, i32 12 %13 = load i64, i64* %12, align 32 %14 = icmp eq i64 %13, 391 br i1 %14, label %15, label %19 %20 = phi %struct.autofs_sb_info.220498* [ %18, %15 ], [ null, %9 ] %21 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %1, i64 0, i32 9 %22 = load %struct.super_block.220468*, %struct.super_block.220468** %21, align 8 %23 = getelementptr inbounds %struct.super_block.220468, %struct.super_block.220468* %22, i64 0, i32 12 %24 = load i64, i64* %23, 
align 32 %25 = icmp eq i64 %24, 391 br i1 %25, label %26, label %30 %27 = getelementptr inbounds %struct.super_block.220468, %struct.super_block.220468* %22, i64 0, i32 30 %28 = bitcast i8** %27 to %struct.autofs_sb_info.220498** %29 = load %struct.autofs_sb_info.220498*, %struct.autofs_sb_info.220498** %28, align 64 br label %30 %31 = phi %struct.autofs_sb_info.220498* [ %29, %26 ], [ null, %19 ] %32 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %1, i64 0, i32 3 %33 = load %struct.dentry.220491*, %struct.dentry.220491** %32, align 8 %34 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %1, i64 0, i32 4 %35 = bitcast %struct.qstr* %34 to i32* %36 = load i32, i32* %35, align 8 %37 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %1, i64 0, i32 4, i32 1 %38 = load i8*, i8** %37, align 8 %39 = getelementptr inbounds %struct.autofs_sb_info.220498, %struct.autofs_sb_info.220498* %31, i64 0, i32 17 %40 = bitcast %struct.list_head* %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = inttoptr i64 %41 to %struct.list_head* %43 = icmp eq %struct.list_head* %39, %42 br i1 %43, label %104, label %44 %45 = getelementptr inbounds %struct.autofs_sb_info.220498, %struct.autofs_sb_info.220498* %31, i64 0, i32 16 %46 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %45, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %46) #69 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %39 br i1 %49, label %99, label %50 %51 = zext i32 %7 to i64 br label %52 %53 = phi %struct.list_head* [ %48, %50 ], [ %97, %94 ] %54 = getelementptr %struct.list_head, %struct.list_head* %53, i64 -4, i32 1 %55 = bitcast %struct.list_head** %54 to %struct.dentry.220491** %56 = load %struct.dentry.220491*, %struct.dentry.220491** %55, align 8 %57 = getelementptr 
inbounds %struct.dentry.220491, %struct.dentry.220491* %56, i64 0, i32 7, i32 0 %58 = bitcast %struct.anon.1* %57 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %58) #69 %59 = bitcast %struct.anon.1* %57 to %struct.swap_cluster_info* %60 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %59, i64 0, i32 1 %61 = load i32, i32* %60, align 4 %62 = icmp slt i32 %61, 1 br i1 %62, label %94, label %63 %64 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %56, i64 0, i32 4 %65 = bitcast %struct.qstr* %64 to %struct.util_est* %66 = bitcast %struct.qstr* %64 to i32* %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %36 br i1 %68, label %69, label %94 %70 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %56, i64 0, i32 3 %71 = load %struct.dentry.220491*, %struct.dentry.220491** %70, align 8 %72 = icmp eq %struct.dentry.220491* %71, %33 br i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.util_est, %struct.util_est* %65, i64 0, i32 1 %75 = load i32, i32* %74, align 4 %76 = icmp eq i32 %75, %7 br i1 %76, label %77, label %94 %78 = getelementptr inbounds %struct.dentry.220491, %struct.dentry.220491* %56, i64 0, i32 4, i32 1 %79 = load i8*, i8** %78, align 8 %80 = tail call i32 @bcmp(i8* %79, i8* %38, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call 
%struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void 
(%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = 
getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 
%9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull 
byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 ksys_semget 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %35 = tail call i64 @ksys_semget(i32 %19, i32 %20, i32 %21) #69 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %6, i64 0, i32 85 %8 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace*, %struct.ipc_namespace** %9, align 8 %11 = icmp slt i32 %1, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 2, i64 0 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, %1 br i1 %15, label %24, label %16 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* 
%17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %20 = bitcast %struct.anon.1* %19 to i32* store i32 %1, i32* %20, align 8 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 1, i64 0 %22 = call i32 @ipcget(%struct.ipc_namespace* %10, %struct.ipc_ids* %21, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull 
byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call 
%struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds 
%struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) 
#6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void 
(%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* 
%55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %13, i64 0, i32 85 %15 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %19, align 4 %20 = getelementptr inbounds 
%struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %17, i64 0, i32 1, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %17, %struct.ipc_ids.224019* %21, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, 
%struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 to i8* %12 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %12, i64 0, i32 85 %14 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %6, i64* %19, align 8 %20 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %16, i64 0, i32 1, i64 2 %21 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %16, %struct.ipc_ids.224019* %20, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail 
call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = 
inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %60 = inttoptr i64 %53 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = and i64 %61, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %52, label %64 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 mls_sid_to_context 2 context_struct_to_string 3 security_sid_to_context_core 4 security_sid_to_context 5 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %8 = load %struct.inode.230528*, %struct.inode.230528** %7, align 8 %9 = getelementptr inbounds %struct.inode.230528, %struct.inode.230528* %8, i64 0, i32 8 %10 = load %struct.super_block.230514*, %struct.super_block.230514** %9, align 8 %11 = getelementptr inbounds %struct.super_block.230514, %struct.super_block.230514* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 64 %14 = bitcast i8** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = getelementptr inbounds %struct.inode.230528, %struct.inode.230528* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 10 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 @security_sid_to_context(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #69 Function:security_sid_to_context %5 = tail call fastcc i32 @security_sid_to_context_core(%struct.selinux_state* 
%0, i32 %1, i8** %2, i32* %3, i32 0) #69 Function:security_sid_to_context_core %6 = icmp eq i8** %2, null br i1 %6, label %8, label %7 store i32 0, i32* %3, align 4 %9 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %28 %29 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %30 = load %struct.selinux_ss*, %struct.selinux_ss** %29, align 8 %31 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %30, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %31) #70 %32 = load %struct.selinux_ss*, %struct.selinux_ss** %29, align 8 %33 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %32, i64 0, i32 1 %34 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %32, i64 0, i32 0 %35 = icmp eq i32 %4, 0 br i1 %35, label %38, label %36 %39 = tail call %struct.context* @sidtab_search(%struct.sidtab* %34, i32 %1) #70 br label %40 %41 = phi %struct.context* [ %37, %36 ], [ %39, %38 ] %42 = icmp eq %struct.context* %41, null br i1 %42, label %43, label %45 %46 = tail call fastcc i32 @context_struct_to_string(%struct.policydb* %33, %struct.context* nonnull %41, i8** %2, i32* %3) #69 Function:context_struct_to_string %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq i8** %2, null br i1 %7, label %8, label %12 store i8* null, i8** %2, align 8 store i32 0, i32* %3, align 4 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %17 %24 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %25 = load i32, i32* %24, align 8 %26 = add i32 %25, -1 %27 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 2, i64 4 %28 = load %struct.flex_array*, %struct.flex_array** %27, align 8 %29 = tail call i8* 
@flex_array_get_ptr(%struct.flex_array* %28, i32 %26) #69 %30 = tail call i64 @strlen(i8* %29) #70 %31 = load i32, i32* %3, align 4 %32 = trunc i64 %30 to i32 %33 = add i32 %32, 1 %34 = add i32 %33, %31 store i32 %34, i32* %3, align 4 %35 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = add i32 %36, -1 %38 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 2, i64 2 %39 = load %struct.flex_array*, %struct.flex_array** %38, align 8 %40 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %39, i32 %37) #69 %41 = tail call i64 @strlen(i8* %40) #70 %42 = load i32, i32* %3, align 4 %43 = trunc i64 %41 to i32 %44 = add i32 %43, 1 %45 = add i32 %44, %42 store i32 %45, i32* %3, align 4 %46 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %47 = load i32, i32* %46, align 8 %48 = add i32 %47, -1 %49 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 2, i64 3 %50 = load %struct.flex_array*, %struct.flex_array** %49, align 8 %51 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %50, i32 %48) #69 %52 = tail call i64 @strlen(i8* %51) #70 %53 = load i32, i32* %3, align 4 %54 = trunc i64 %52 to i32 %55 = add i32 %54, 1 %56 = add i32 %55, %53 store i32 %56, i32* %3, align 4 %57 = tail call i32 @mls_compute_context_len(%struct.policydb* %0, %struct.context* %1) #69 %58 = load i32, i32* %3, align 4 %59 = add i32 %58, %57 store i32 %59, i32* %3, align 4 br i1 %7, label %81, label %60 %61 = zext i32 %59 to i64 %62 = tail call noalias align 8 i8* @__kmalloc(i64 %61, i32 4718624) #69 store i8* %62, i8** %5, align 8 %63 = icmp eq i8* %62, null br i1 %63, label %81, label %64 store i8* %62, i8** %2, align 8 %65 = load i32, i32* %24, align 8 %66 = add i32 %65, -1 %67 = load %struct.flex_array*, %struct.flex_array** %27, align 8 %68 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %67, i32 %66) #69 %69 = load i32, i32* %35, align 4 %70 = add i32 %69, -1 
%71 = load %struct.flex_array*, %struct.flex_array** %38, align 8 %72 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %71, i32 %70) #69 %73 = load i32, i32* %46, align 8 %74 = add i32 %73, -1 %75 = load %struct.flex_array*, %struct.flex_array** %49, align 8 %76 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %75, i32 %74) #69 %77 = tail call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %62, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.31.21617, i64 0, i64 0), i8* %68, i8* %72, i8* %76) #70 %78 = sext i32 %77 to i64 %79 = getelementptr i8, i8* %62, i64 %78 store i8* %79, i8** %5, align 8 call void @mls_sid_to_context(%struct.policydb* %0, %struct.context* %1, i8** nonnull %5) #69 Function:mls_sid_to_context %4 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %157, label %7 %8 = load i8*, i8** %2, align 8 store i8 58, i8* %8, align 1 %9 = getelementptr i8, i8* %8, i64 1 %10 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0, i32 1 %11 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1, i32 1 %12 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 2, i64 6 %13 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 2, i64 7 %14 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0, i32 0 %15 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1, i32 0 br label %16 %17 = phi i64 [ 0, %7 ], [ %153, %151 ] %18 = phi i8* [ %9, %7 ], [ %152, %151 ] %19 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 %17, i32 0 %20 = load i32, i32* %19, align 8 %21 = add i32 %20, -1 %22 = load %struct.flex_array*, %struct.flex_array** %12, align 8 %23 = tail call i8* @flex_array_get_ptr(%struct.flex_array* %22, i32 %21) #69 %24 = tail call i8* @strcpy(i8* %18, i8* %23) #70 %25 = tail 
call i64 @strlen(i8* %18) #70 %26 = getelementptr i8, i8* %18, i64 %25 %27 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 %17, i32 1 %28 = bitcast %struct.ebitmap* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %139, label %31 %32 = phi i64 [ %40, %38 ], [ %29, %16 ] %33 = inttoptr i64 %32 to %struct.ebitmap_node* %34 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %33, i64 0, i32 1, i64 0 %35 = tail call i64 @find_first_bit(i64* %34, i64 384) #69 %36 = and i64 %35, 4294967168 %37 = icmp ult i64 %36, 384 br i1 %37, label %42, label %38 %39 = inttoptr i64 %32 to i64* %40 = load i64, i64* %39, align 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %139, label %31 %140 = phi i8* [ %138, %129 ], [ %84, %127 ], [ %26, %42 ], [ %26, %16 ], [ %26, %38 ] %141 = icmp eq i64 %17, 0 br i1 %141, label %142, label %151 %143 = load i32, i32* %14, align 8 %144 = load i32, i32* %15, align 8 %145 = icmp eq i32 %143, %144 br i1 %145, label %146, label %149 %147 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %10, %struct.ebitmap* %11) #69 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = 
getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.356487, %struct.file.356487* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.356205** %9 = load %struct.seq_file.356205*, %struct.seq_file.356205** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.356205, %struct.seq_file.356205* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private** %12 = load %struct.drm_i915_private*, %struct.drm_i915_private** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %54, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %54 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.49.34570, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  
Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* 
dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds 
[64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.2.38992, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull 
dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.2.38992, i64 0, i64 0), i64 2) %31 = icmp eq i32 %30, 0 br i1 %31, label %35, label %32 %33 = call i32 @bcmp(i8* dereferenceable(3) %23, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.3.38993, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 
%20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.17.39017, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to 
%struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.17.39017, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, 
label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.17.39017, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull 
dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.17.39017, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.2.38992, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 
0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.17.39017, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.38990, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.2.38992, i64 0, i64 0), i64 2) %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.3.38993, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr 
inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 
%19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %220 = call i32 @bcmp(i8* dereferenceable(3) %209, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.3.38993, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 
%16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.19.39018, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], 
[8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.19.39018, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %257 = bitcast i32* %8 to i8* %258 = bitcast i32* %9 to i8* %259 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %260 = call i32 @bcmp(i8* dereferenceable(7) %259, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.39019, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = 
bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.19.39018, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %323 = icmp eq i64 %206, 2338324113575339364 br i1 %323, label %324, label %370 %325 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %326 = bitcast i8* %325 to i32* %327 = load i32, i32* %326, align 8 %328 = icmp eq i32 %327, 1701736302 br i1 %328, label %338, label %329 %330 = trunc i32 %327 to i16 %331 = call i32 @bcmp(i8* dereferenceable(6) %325, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.39015, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.39016, i64 0, i64 0), 
i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.19.39018, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %323 = icmp eq i64 %206, 2338324113575339364 br i1 %323, label %324, label %370 %325 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %326 = bitcast i8* %325 to i32* %327 = load i32, i32* %326, align 8 %328 = icmp eq i32 %327, 1701736302 br i1 %328, label %338, label %329 %330 = trunc i32 %327 to i16 %331 = call i32 @bcmp(i8* dereferenceable(6) %325, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.1.38994, i64 0, i64 0), i64 6) %332 = icmp eq i32 %331, 0 %333 = icmp eq i16 %330, 28521 %334 = or i1 %332, %333 br i1 %334, label %338, label %335 %336 = call i32 @bcmp(i8* dereferenceable(3) %325, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.3.38993, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.467659, %struct.device.467659* %0, i64 -2, i32 11, i32 6 %13 = bitcast %struct.wakeup_source** %12 to %struct.Scsi_Host.469432* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.41003, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #69 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.41004, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.467659, %struct.device.467659* %0, i64 -2, i32 11, i32 6 %13 = bitcast %struct.wakeup_source** %12 to %struct.Scsi_Host.469432* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.41003, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #69 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.41004, i64 0, i64 0), i64 2) #6 %22 = icmp eq i32 %21, 0 br i1 %22, label %29, label %23 %24 = call i64 @simple_strtoull(i8* nonnull %14, i8** nonnull %7, i32 0) #69 %25 = load i8*, i8** %7, align 8 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 %30 = phi i64 [ %24, %23 ], [ -1, %19 ] %31 = bitcast i8** %6 to i8* %32 = call i32 @bcmp(i8* nonnull dereferenceable(2) %15, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.41004, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_write ------------- Path:  Function:xhci_port_write %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file.40397, %struct.file.40397* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.40131** %8 = load %struct.seq_file.40131*, %struct.seq_file.40131** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.40131, %struct.seq_file.40131* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.xhci_port** %11 = load %struct.xhci_port*, %struct.xhci_port** %10, align 8 %12 = getelementptr inbounds %struct.xhci_port, %struct.xhci_port* %11, i64 0, i32 3 %13 = load %struct.xhci_hub*, %struct.xhci_hub** %12, align 8 %14 = getelementptr inbounds %struct.xhci_hub, %struct.xhci_hub* %13, i64 0, i32 2 %15 = load %struct.usb_hcd.510320*, %struct.usb_hcd.510320** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.usb_hcd.501418*)* @usb_hcd_is_primary_hcd to i32 (%struct.usb_hcd.510320*)*)(%struct.usb_hcd.510320* %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %22 = phi 
%struct.usb_hcd.510320* [ %20, %18 ], [ %15, %4 ] %23 = getelementptr inbounds %struct.usb_hcd.510320, %struct.usb_hcd.510320* %22, i64 0, i32 26, i64 0 %24 = bitcast i64* %23 to %struct.xhci_hcd* %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %26 = icmp ult i64 %2, 31 %27 = select i1 %26, i64 %2, i64 31 %28 = call i64 @_copy_from_user(i8* nonnull %25, i8* %1, i64 %27) #69 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %53 %31 = call i32 @bcmp(i8* nonnull dereferenceable(10) %25, i8* dereferenceable(10) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.203.47400, i64 0, i64 0), i64 10) ------------- Use: =BAD PATH= Call Stack: 0 efivar_validate 1 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = 
getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.547321* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %110 %96 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %97 = bitcast %struct.uuid_t* %96 to i64* %98 = load i64, i64* %97, align 1 %99 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %100 = bitcast i8* %99 to i64* %101 = load i64, i64* %100, align 1 %102 = bitcast { i64, i64 }* %4 to i8* %103 = bitcast { i64, i64 }* %5 to i8* %104 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %83, i64* %104, align 8 %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %86, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %98, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %101, i64* %107, align 8 %108 = call i32 @bcmp(i8* nonnull dereferenceable(16) %102, i8* nonnull dereferenceable(16) %103, i64 16) #6 %109 = icmp eq i32 %108, 0 br i1 %109, label %112, label %110 %113 = icmp eq i64 %90, 0 %114 = icmp eq i32 %80, 0 %115 = or i1 %114, %113 br i1 %115, label %116, label %118 %119 = icmp ult i32 %80, 128 br i1 %119, label %120, label %122 %121 = tail call zeroext i1 @efivar_validate(i64 %83, i64 %86, i16* nonnull %87, i8* %91, i64 %90) #70 Function:efivar_validate %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = tail call i64 @ucs2_utf8size(i16* %2) #69 %9 = add i64 %8, 1 %10 = tail call noalias align 8 i8* @__kmalloc(i64 %9, i32 6291648) #69 %11 = icmp eq i8* %10, null br i1 %11, label %61, label %12 %13 = tail call i64 @ucs2_as_utf8(i8* nonnull %10, i16* %2, i64 %8) #69 %14 = getelementptr 
i8, i8* %10, i64 %8 store i8 0, i8* %14, align 1 %15 = bitcast { i64, i64 }* %6 to i8* %16 = bitcast { i64, i64 }* %7 to i8* %17 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %18 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %19 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 %20 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 br label %21 %22 = phi i64 [ 0, %12 ], [ %56, %55 ] %23 = phi i8* [ getelementptr inbounds ([9 x i8], [9 x i8]* @.str.6.51587, i64 0, i64 0), %12 ], [ %58, %55 ] %24 = getelementptr [17 x %struct.variable_validate], [17 x %struct.variable_validate]* @variable_validate, i64 0, i64 %22 %25 = bitcast %struct.variable_validate* %24 to i64* %26 = load i64, i64* %25, align 16 %27 = getelementptr [17 x %struct.variable_validate], [17 x %struct.variable_validate]* @variable_validate, i64 0, i64 %22, i32 0, i32 0, i64 8 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 store i64 %0, i64* %17, align 8 store i64 %1, i64* %18, align 8 store i64 %26, i64* %19, align 8 store i64 %29, i64* %20, align 8 %30 = call i32 @bcmp(i8* nonnull dereferenceable(16) %15, i8* nonnull dereferenceable(16) %16, i64 16) ------------- Use: =BAD PATH= Call Stack: 0 efivar_entry_find 1 efivar_entry_set 2 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 
%15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = 
icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 br i1 %64, label %67, label %65 %68 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 3, i64 0 %69 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %70 = load i32, i32* %31, align 1 %71 = zext i32 %70 to i64 %72 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 2 store i64 %71, i64* %72, align 1 %73 = load i32, i32* %21, align 1 %74 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 5 store i32 %73, i32* %74, align 1 br label %125 %126 = phi i64 [ %33, %67 ], [ %90, %124 ] %127 = phi i32 [ %22, %67 ], [ %80, %124 ] %128 = phi i8* [ %34, %67 ], [ %91, %124 ] %129 = tail call i32 @efivar_entry_set(%struct.efivar_entry.547321* nonnull %0, i32 %127, i64 %126, i8* %128, %struct.list_head* null) #70 Function:efivar_entry_set %6 = alloca { i64, i64 }, align 8 %7 = bitcast { i64, i64 }* %6 to %struct.uuid_t* %8 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 0, i64 0 %9 = bitcast { i64, i64 }* %6 to i8* %10 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %11 = tail call i32 @down_interruptible(%struct.semaphore* nonnull @efivars_lock) #69 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %49 %14 = load %struct.efivars.547318*, %struct.efivars.547318** @__efivars, align 8 %15 = icmp eq %struct.efivars.547318* %14, null br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.efivars.547318, %struct.efivars.547318* %14, i64 0, i32 2 %19 = load %struct.efivar_operations*, 
%struct.efivar_operations** %18, align 8 %20 = icmp eq %struct.list_head* %4, null br i1 %20, label %29, label %21 %22 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = tail call %struct.efivar_entry.547321* @efivar_entry_find(i16* %8, i64 %23, i64 %25, %struct.list_head* nonnull %4, i1 zeroext false) #70 Function:efivar_entry_find %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = bitcast %struct.list_head* %3 to i8** %9 = load i8*, i8** %8, align 8 %10 = bitcast i8* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %3 br i1 %11, label %65, label %12 %13 = bitcast i16* %0 to i8* %14 = bitcast { i64, i64 }* %6 to i8* %15 = bitcast { i64, i64 }* %7 to i8* %16 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %17 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %18 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 %19 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 br label %20 %21 = phi i8* [ %9, %12 ], [ %24, %45 ] %22 = getelementptr i8, i8* %21, i64 -2088 %23 = bitcast i8* %21 to i8** %24 = load i8*, i8** %23, align 8 %25 = tail call i64 @ucs2_strsize(i16* %0, i64 1024) #69 %26 = trunc i64 %25 to i32 %27 = bitcast i8* %22 to i16* %28 = tail call i64 @ucs2_strsize(i16* %27, i64 1024) #69 %29 = trunc i64 %28 to i32 %30 = icmp eq i32 %26, %29 br i1 %30, label %31, label %45 %32 = shl i64 %25, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i32 @bcmp(i8* %13, i8* %22, i64 %33) ------------- Use: =BAD PATH= Call Stack: 0 efivar_entry_find 1 efivar_entry_set 2 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne 
%struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { 
i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 br i1 %64, label %67, label %65 %68 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 3, i64 0 %69 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %70 = load i32, i32* %31, align 1 %71 = zext i32 %70 to i64 %72 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 2 store i64 %71, i64* %72, align 1 %73 = load i32, i32* %21, align 1 %74 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 5 store i32 %73, i32* %74, align 1 br label %125 %126 = phi i64 [ %33, %67 ], [ %90, %124 ] %127 = phi i32 [ %22, %67 ], [ %80, %124 ] %128 = phi i8* [ %34, %67 ], [ %91, %124 ] %129 = tail call i32 @efivar_entry_set(%struct.efivar_entry.547321* nonnull %0, i32 %127, i64 %126, i8* %128, %struct.list_head* null) #70 Function:efivar_entry_set %6 = alloca { i64, i64 }, align 8 %7 = bitcast { i64, i64 }* %6 to %struct.uuid_t* %8 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 0, i64 0 %9 = bitcast { i64, i64 }* %6 to i8* %10 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, 
i64 0, i32 0, i32 1, i32 0, i64 0 %11 = tail call i32 @down_interruptible(%struct.semaphore* nonnull @efivars_lock) #69 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %49 %14 = load %struct.efivars.547318*, %struct.efivars.547318** @__efivars, align 8 %15 = icmp eq %struct.efivars.547318* %14, null br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.efivars.547318, %struct.efivars.547318* %14, i64 0, i32 2 %19 = load %struct.efivar_operations*, %struct.efivar_operations** %18, align 8 %20 = icmp eq %struct.list_head* %4, null br i1 %20, label %29, label %21 %22 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = tail call %struct.efivar_entry.547321* @efivar_entry_find(i16* %8, i64 %23, i64 %25, %struct.list_head* nonnull %4, i1 zeroext false) #70 Function:efivar_entry_find %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = bitcast %struct.list_head* %3 to i8** %9 = load i8*, i8** %8, align 8 %10 = bitcast i8* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %3 br i1 %11, label %65, label %12 %13 = bitcast i16* %0 to i8* %14 = bitcast { i64, i64 }* %6 to i8* %15 = bitcast { i64, i64 }* %7 to i8* %16 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %17 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %18 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 %19 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 br label %20 %21 = phi i8* [ %9, %12 ], [ %24, %45 ] %22 = getelementptr i8, i8* %21, i64 -2088 %23 = bitcast i8* %21 to i8** %24 = load i8*, i8** %23, align 8 %25 = tail call i64 @ucs2_strsize(i16* %0, i64 1024) #69 %26 = trunc i64 %25 to i32 %27 = bitcast i8* %22 to i16* %28 = tail call i64 @ucs2_strsize(i16* %27, i64 1024) #69 %29 = trunc i64 %28 to i32 %30 = 
icmp eq i32 %26, %29 br i1 %30, label %31, label %45 %32 = shl i64 %25, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i32 @bcmp(i8* %13, i8* %22, i64 %33) %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %45 %37 = getelementptr i8, i8* %21, i64 -1064 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = getelementptr i8, i8* %21, i64 -1056 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 store i64 %1, i64* %16, align 8 store i64 %2, i64* %17, align 8 store i64 %39, i64* %18, align 8 store i64 %42, i64* %19, align 8 %43 = call i32 @bcmp(i8* nonnull dereferenceable(16) %14, i8* nonnull dereferenceable(16) %15, i64 16) ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* 
%31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, 
i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = 
getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.547321* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.547321* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull 
dereferenceable(1024) %92, i64 1024) #6 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %110 %96 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %97 = bitcast %struct.uuid_t* %96 to i64* %98 = load i64, i64* %97, align 1 %99 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %100 = bitcast i8* %99 to i64* %101 = load i64, i64* %100, align 1 %102 = bitcast { i64, i64 }* %4 to i8* %103 = bitcast { i64, i64 }* %5 to i8* %104 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %83, i64* %104, align 8 %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %86, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %98, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %101, i64* %107, align 8 %108 = call i32 @bcmp(i8* nonnull dereferenceable(16) %102, i8* nonnull dereferenceable(16) %103, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp 
$1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %213 = inttoptr i64 %43 to %struct.user_msghdr* %214 = getelementptr inbounds [6 x i64], [6 x 
i64]* %6, i64 0, i64 2 %215 = load i64, i64* %214, align 16 %216 = trunc i64 %215 to i32 %217 = bitcast %struct.msghdr.230061* %5 to i8* %218 = icmp sgt i32 %216, -1 br i1 %218, label %219, label %247 %220 = trunc i64 %41 to i32 %221 = call i64 @__fdget(i32 %220) #69 %222 = and i64 %221, -4 %223 = inttoptr i64 %222 to %struct.file.230059* %224 = trunc i64 %221 to i32 %225 = icmp eq i64 %222, 0 br i1 %225, label %247, label %226 %227 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 3 %228 = load %struct.file_operations.230044*, %struct.file_operations.230044** %227, align 8 %229 = icmp eq %struct.file_operations.230044* %228, @socket_file_ops br i1 %229, label %230, label %235 %231 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 16 %232 = bitcast i8** %231 to %struct.socket.230347** %233 = load %struct.socket.230347*, %struct.socket.230347** %232, align 8 %234 = icmp eq %struct.socket.230347* %233, null br i1 %234, label %235, label %240, !prof !6, !misexpect !8 %241 = and i32 %224, 1 %242 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %233, %struct.user_msghdr* %213, %struct.msghdr.230061* nonnull %5, i32 %216, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store 
%struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 
to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = 
bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %213 = inttoptr i64 %43 to %struct.user_msghdr* %214 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %215 = load i64, i64* %214, align 16 %216 = trunc i64 %215 to i32 %217 = bitcast %struct.msghdr.230061* %5 to i8* %218 = icmp sgt i32 %216, -1 br i1 %218, label %219, label %247 %220 = trunc i64 %41 to i32 %221 = call i64 @__fdget(i32 %220) #69 %222 = and i64 %221, -4 %223 = inttoptr i64 %222 to %struct.file.230059* %224 = trunc i64 %221 to i32 %225 = icmp eq i64 %222, 0 br i1 %225, label %247, label %226 %227 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 3 %228 = load %struct.file_operations.230044*, %struct.file_operations.230044** %227, align 8 %229 = icmp eq %struct.file_operations.230044* %228, @socket_file_ops br i1 %229, label %230, label %235 %231 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 16 %232 = bitcast i8** %231 to %struct.socket.230347** %233 = load %struct.socket.230347*, %struct.socket.230347** %232, align 8 %234 = icmp eq %struct.socket.230347* %233, null br i1 %234, label %235, label %240, !prof !6, !misexpect !8 %241 = and i32 %224, 1 %242 = call 
fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %233, %struct.user_msghdr* %213, %struct.msghdr.230061* nonnull %5, i32 %216, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = 
getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __sys_sendmmsg 2 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label 
%23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw 
i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %228 = zext i32 %92 to i64 %229 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %230 = load i32, i32* %229, align 8 %231 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %232 = load i32, i32* %231, align 4 %233 = inttoptr i64 %228 to %struct.mmsghdr* %234 = or i32 %232, -2147483648 %235 = call i32 @__sys_sendmmsg(i32 %90, %struct.mmsghdr* %233, i32 %230, i32 %234, i1 zeroext false) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load 
%struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr 
inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr 
inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __sys_sendmmsg 2 __ia32_compat_sys_sendmmsg ------------- Path:  Function:__ia32_compat_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = inttoptr i64 %6 to %struct.mmsghdr* %15 = or i32 %13, -2147483648 %16 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %14, i32 %12, i32 %15, i1 zeroext false) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, 
@socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, 
i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 
%89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __sys_sendmmsg 2 __ia32_sys_sendmmsg ------------- Path:  Function:__ia32_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.mmsghdr* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %12, i32 %13, i32 %14, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = 
load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt 
i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= 
Call Stack: 0 ___sys_sendmsg 1 __sys_sendmmsg 2 __x64_sys_sendmmsg ------------- Path:  Function:__x64_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.mmsghdr** %6 = load %struct.mmsghdr*, %struct.mmsghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %6, i32 %12, i32 %13, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = 
getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) 
#70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __ia32_sys_sendmsg ------------- Path:  Function:__ia32_sys_sendmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %7 to %struct.user_msghdr* %11 = trunc i64 %9 to i32 %12 = bitcast %struct.msghdr.230061* %2 to i8* %13 = icmp sgt i32 %11, -1 br i1 %13, label %14, label %45 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %42, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %10, %struct.msghdr.230061* nonnull %2, i32 %11, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = 
getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = 
getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __x64_sys_sendmsg ------------- Path:  Function:__x64_sys_sendmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.user_msghdr** %7 = load %struct.user_msghdr*, %struct.user_msghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.msghdr.230061* %2 to i8* %12 = icmp sgt i32 %10, -1 br i1 %12, label %13, label %44 %14 = trunc i64 %4 to i32 %15 = tail call i64 @__fdget(i32 %14) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.230059* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %41, label %20 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 3 %22 = load %struct.file_operations.230044*, %struct.file_operations.230044** %21, align 8 %23 = icmp eq %struct.file_operations.230044* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.230347** %27 = load %struct.socket.230347*, %struct.socket.230347** %26, align 8 %28 = icmp eq %struct.socket.230347* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %27, %struct.user_msghdr* %7, %struct.msghdr.230061* 
nonnull %2, i32 %10, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, 
%struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 ___sys_sendmsg 1 __sys_sendmsg 2 __ia32_compat_sys_sendmsg ------------- Path:  Function:__ia32_compat_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.msghdr.230061, align 8 %6 = bitcast %struct.msghdr.230061* %5 to i8* %7 = xor i1 %3, true %8 = icmp sgt i32 %2, -1 %9 = or i1 %8, %7 br i1 %9, label %10, label %40 %11 = tail call i64 @__fdget(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.230059* %14 = trunc i64 %11 to i32 %15 = icmp eq i64 %12, 0 br i1 %15, label %37, 
label %16 %17 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 3 %18 = load %struct.file_operations.230044*, %struct.file_operations.230044** %17, align 8 %19 = icmp eq %struct.file_operations.230044* %18, @socket_file_ops br i1 %19, label %20, label %25 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 16 %22 = bitcast i8** %21 to %struct.socket.230347** %23 = load %struct.socket.230347*, %struct.socket.230347** %22, align 8 %24 = icmp eq %struct.socket.230347* %23, null br i1 %24, label %25, label %30, !prof !4, !misexpect !5 %31 = and i32 %14, 1 %32 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %23, %struct.user_msghdr* %1, %struct.msghdr.230061* nonnull %5, i32 %2, %struct.used_address* null, i32 0) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %23 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.230061* %2, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #70 br label %24 %25 = phi i32 [ %21, %19 ], [ %23, %22 ] %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = getelementptr inbounds %struct.msghdr.230061, 
%struct.msghdr.230061* %2, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %31, 2147483647 br i1 %32, label %144, label %33 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 5 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, %5 %37 = or i32 %36, %3 %38 = trunc i64 %31 to i32 %39 = icmp slt i32 %37, 0 %40 = icmp ne i32 %38, 0 %41 = and i1 %40, %39 br i1 %41, label %42, label %53 br i1 %40, label %54, label %68 %69 = phi i8* [ %50, %48 ], [ %62, %67 ], [ %15, %53 ] %70 = phi i32 [ %52, %48 ], [ %38, %67 ], [ 0, %53 ] store i32 %37, i32* %34, align 8 %71 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 4 %72 = load %struct.file.230059*, %struct.file.230059** %71, align 8 %73 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %72, i64 0, i32 7 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2048 %76 = icmp eq i32 %75, 0 br i1 %76, label %79, label %77 %80 = icmp ne %struct.used_address* %4, null br i1 %80, label %81, label %107 %82 = load i8*, i8** %16, align 8 %83 = icmp eq i8* %82, null br i1 %83, label %107, label %84 %85 = getelementptr inbounds %struct.used_address, %struct.used_address* %4, i64 0, i32 1 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 1 %88 = load i32, i32* %87, align 8 %89 = icmp eq i32 %86, %88 br i1 %89, label %90, label %107 %91 = bitcast %struct.used_address* %4 to i8* %92 = zext i32 %86 to i64 %93 = call i32 @bcmp(i8* nonnull %91, i8* nonnull %82, i64 %92) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_create 1 ip6_neigh_lookup 2 ip6_dst_neigh_lookup ------------- Path:  Function:ip6_dst_neigh_lookup %4 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 6 %5 = bitcast i32 (%struct.net.684933*, %struct.sock.685106*, %struct.sk_buff.684681*)** %4 to %struct.in6_addr* %6 = getelementptr inbounds 
%struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %7 = load %struct.net_device.684854*, %struct.net_device.684854** %6, align 8 %8 = tail call %struct.neighbour.684699* @ip6_neigh_lookup(%struct.in6_addr* %5, %struct.net_device.684854* %7, %struct.sk_buff.684681* %1, i8* %2) #69 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.684694** getelementptr inbounds (%struct.neigh_table.684695, %struct.neigh_table.684695* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i64 0, i32 25) to i64*), align 8 %27 = inttoptr i64 %26 to %struct.neigh_hash_table.684694* %28 = getelementptr inbounds %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 2, i64 0 %29 = bitcast i8* %25 to i32* %30 = load i32, i32* %29, align 4 %31 
= ptrtoint %struct.net_device.684854* %1 to i64 %32 = lshr i64 %31, 32 %33 = xor i64 %32, %31 %34 = trunc i64 %33 to i32 %35 = xor i32 %30, %34 %36 = load i32, i32* %28, align 4 %37 = mul i32 %35, %36 %38 = getelementptr i8, i8* %25, i64 4 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 4 %41 = getelementptr %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 2, i64 1 %42 = load i32, i32* %41, align 4 %43 = mul i32 %42, %40 %44 = add i32 %43, %37 %45 = getelementptr i8, i8* %25, i64 8 %46 = bitcast i8* %45 to i32* %47 = load i32, i32* %46, align 4 %48 = getelementptr %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 2, i64 2 %49 = load i32, i32* %48, align 4 %50 = mul i32 %49, %47 %51 = add i32 %44, %50 %52 = getelementptr i8, i8* %25, i64 12 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = getelementptr %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 2, i64 3 %56 = load i32, i32* %55, align 4 %57 = mul i32 %56, %54 %58 = add i32 %51, %57 %59 = getelementptr inbounds %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 1 %60 = load i32, i32* %59, align 8 %61 = sub i32 32, %60 %62 = lshr i32 %58, %61 %63 = getelementptr inbounds %struct.neigh_hash_table.684694, %struct.neigh_hash_table.684694* %27, i64 0, i32 0 %64 = load %struct.neighbour.684699**, %struct.neighbour.684699*** %63, align 8 %65 = zext i32 %62 to i64 %66 = getelementptr %struct.neighbour.684699*, %struct.neighbour.684699** %64, i64 %65 %67 = bitcast %struct.neighbour.684699** %66 to i64* %68 = load volatile i64, i64* %67, align 8 %69 = inttoptr i64 %68 to %struct.neighbour.684699* %70 = icmp eq i64 %68, 0 br i1 %70, label %103, label %71 %72 = phi %struct.neighbour.684699* [ %101, %98 ], [ %69, %24 ] %73 = phi i64 [ %100, %98 ], [ %68, %24 ] %74 = getelementptr inbounds %struct.neighbour.684699, %struct.neighbour.684699* %72, i64 0, i32 22 %75 
= load %struct.net_device.684854*, %struct.net_device.684854** %74, align 8 %76 = icmp eq %struct.net_device.684854* %75, %1 br i1 %76, label %77, label %98 %78 = getelementptr inbounds %struct.neighbour.684699, %struct.neighbour.684699* %72, i64 0, i32 23, i64 0 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %30 %82 = getelementptr %struct.neighbour.684699, %struct.neighbour.684699* %72, i64 0, i32 23, i64 4 %83 = bitcast i8* %82 to i32* %84 = load i32, i32* %83, align 4 %85 = xor i32 %84, %40 %86 = or i32 %85, %81 %87 = getelementptr %struct.neighbour.684699, %struct.neighbour.684699* %72, i64 0, i32 23, i64 8 %88 = bitcast i8* %87 to i32* %89 = load i32, i32* %88, align 4 %90 = xor i32 %89, %47 %91 = or i32 %86, %90 %92 = getelementptr %struct.neighbour.684699, %struct.neighbour.684699* %72, i64 0, i32 23, i64 12 %93 = bitcast i8* %92 to i32* %94 = load i32, i32* %93, align 4 %95 = xor i32 %94, %54 %96 = or i32 %91, %95 %97 = icmp eq i32 %96, 0 br i1 %97, label %103, label %98 %99 = inttoptr i64 %73 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.neighbour.684699* %102 = icmp eq i64 %100, 0 br i1 %102, label %123, label %71 tail call fastcc void @local_bh_enable.58737() #69 %124 = tail call %struct.neighbour.684699* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*, i1)* @__neigh_create to %struct.neighbour.684699* (%struct.neigh_table.684695*, i8*, %struct.net_device.684854*, i1)*)(%struct.neigh_table.684695* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, 
%struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i8* %25, %struct.net_device.684854* %1, i1 zeroext true) #69 Function:__neigh_create %5 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 2 %6 = load i32, i32* %5, align 8 %7 = load volatile i64, i64* @jiffies, align 64 %8 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 21, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 16 %11 = load i32, i32* %10, align 4 %12 = icmp slt i32 %9, %11 br i1 %12, label %13, label %23 %14 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 15 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %9, %15 br i1 %16, label %115, label %17 %116 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 55 %119 = load i16, i16* %118, align 2 %120 = zext i16 %119 to i32 %121 = add i32 %117, %120 %122 = zext i32 %121 to i64 %123 = tail call noalias align 8 i8* @__kmalloc(i64 %122, i32 4751392) #69 %124 = icmp eq i8* %123, null br i1 %124, label %125, label %126 %127 = bitcast i8* %123 to %struct.neighbour.588877* %128 = getelementptr inbounds i8, i8* %123, i64 56 %129 = bitcast i8* %128 to i8** store i8* %128, i8** %129, align 8 %130 = getelementptr inbounds i8, i8* %123, i64 64 %131 = bitcast i8* %130 to i8** store i8* %128, i8** %131, align 8 %132 = getelementptr inbounds i8, i8* 
%123, i64 72 %133 = bitcast i8* %132 to i32* store i32 0, i32* %133, align 8 %134 = getelementptr inbounds i8, i8* %123, i64 40 %135 = bitcast i8* %134 to i32* store i32 0, i32* %135, align 8 %136 = getelementptr inbounds i8, i8* %123, i64 44 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 4 %138 = getelementptr inbounds i8, i8* %123, i64 144 %139 = bitcast i8* %138 to i32* store i32 0, i32* %139, align 8 %140 = getelementptr inbounds i8, i8* %123, i64 148 %141 = bitcast i8* %140 to i32* store i32 0, i32* %141, align 4 %142 = getelementptr inbounds i8, i8* %123, i64 128 %143 = bitcast i8* %142 to i64* store i64 %7, i64* %143, align 8 %144 = getelementptr inbounds i8, i8* %123, i64 32 %145 = bitcast i8* %144 to i64* store i64 %7, i64* %145, align 8 %146 = getelementptr inbounds i8, i8* %123, i64 141 store i8 0, i8* %146, align 1 %147 = getelementptr inbounds i8, i8* %123, i64 296 %148 = bitcast i8* %147 to i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** store i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)* @neigh_blackhole, i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** %148, align 8 %149 = getelementptr inbounds i8, i8* %123, i64 188 %150 = bitcast i8* %149 to i32* store i32 0, i32* %150, align 4 %151 = getelementptr inbounds i8, i8* %123, i64 192 %152 = bitcast i8* %151 to i32* store i32 0, i32* %152, align 8 %153 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11 %154 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11, i32 8, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A 
.long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %154, i32* %154) #6, !srcloc !12 %155 = getelementptr inbounds i8, i8* %123, i64 16 %156 = bitcast i8* %155 to %struct.neigh_parms.589003** store %struct.neigh_parms.589003* %153, %struct.neigh_parms.589003** %156, align 8 %157 = getelementptr inbounds i8, i8* %123, i64 88 %158 = bitcast i8* %157 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %158, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %159 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 24 %160 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %161 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %160, i64 0, i32 0 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %161, i64* %161) #6, !srcloc !13 %162 = getelementptr inbounds i8, i8* %123, i64 8 %163 = bitcast i8* %162 to %struct.neigh_table.588874** store %struct.neigh_table.588874* %0, %struct.neigh_table.588874** %163, align 8 %164 = getelementptr inbounds i8, i8* %123, i64 48 %165 = bitcast i8* %164 to i32* store volatile i32 1, i32* %165, align 8 %166 = getelementptr inbounds i8, i8* %123, i64 143 store i8 1, i8* %166, align 1 %167 = getelementptr inbounds i8, i8* %123, i64 336 %168 = zext i32 %6 to i64 %169 = getelementptr inbounds i8, i8* %123, i64 328 %170 = bitcast i8* %169 to %struct.net_device.589093** store %struct.net_device.589093* %2, %struct.net_device.589093** %170, align 8 %171 = icmp eq %struct.net_device.589093* %2, null br i1 %171, label %175, label %172 %176 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 6 %177 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %176, align 8 %178 = icmp eq i32 
(%struct.neighbour.588877*)* %177, null br i1 %178, label %185, label %179 %186 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 30 %187 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %186, align 8 %188 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %187, i64 0, i32 43 %189 = load i32 (%struct.net_device.589093*, %struct.neighbour.588877*)*, i32 (%struct.net_device.589093*, %struct.neighbour.588877*)** %188, align 8 %190 = icmp eq i32 (%struct.net_device.589093*, %struct.neighbour.588877*)* %189, null br i1 %190, label %197, label %191 %198 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %199 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %198, i64 0, i32 3 %200 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour.588877*)* %200, null br i1 %201, label %210, label %202 %203 = tail call i32 %200(%struct.neighbour.588877* nonnull %127) #69 %204 = icmp slt i32 %203, 0 br i1 %204, label %207, label %205 %206 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 br label %210 %211 = phi %struct.neigh_parms.589003* [ %206, %205 ], [ %198, %197 ] %212 = load volatile i64, i64* @jiffies, align 64 %213 = getelementptr %struct.neigh_parms.589003, %struct.neigh_parms.589003* %211, i64 0, i32 11, i64 5 %214 = load i32, i32* %213, align 4 %215 = shl i32 %214, 1 %216 = sext i32 %215 to i64 %217 = sub i64 %212, %216 %218 = getelementptr inbounds i8, i8* %123, i64 24 %219 = bitcast i8* %218 to i64* store i64 %217, i64* %219, align 8 %220 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 22 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %220) #69 %221 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 25 %222 = load 
%struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %223 = load volatile i32, i32* %8, align 4 %224 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %222, i64 0, i32 1 %225 = load i32, i32* %224, align 8 %226 = shl nuw i32 1, %225 %227 = icmp sgt i32 %223, %226 br i1 %227, label %228, label %281 %229 = add i32 %225, 1 %230 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %231 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %230, i64 0, i32 2 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %231, i64* %231) #6, !srcloc !15 %232 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %233 = tail call fastcc %struct.neigh_hash_table.588873* @neigh_hash_alloc(i32 %229) #69 %234 = icmp eq %struct.neigh_hash_table.588873* %233, null br i1 %234, label %281, label %235 %236 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 1 %237 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 0 %238 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %239 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 2, i64 0 %240 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 1 %241 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 0 br label %242 %243 = phi i32 [ 0, %235 ], [ %273, %272 ] %244 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %237, align 8 %245 = zext i32 %243 to i64 %246 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %244, i64 %245 %247 = load %struct.neighbour.588877*, %struct.neighbour.588877** %246, align 8 %248 = icmp eq 
%struct.neighbour.588877* %247, null br i1 %248, label %272, label %249 %250 = phi %struct.neighbour.588877* [ %260, %249 ], [ %247, %242 ] %251 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %238, align 8 %252 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 23, i64 0 %253 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 22 %254 = load %struct.net_device.589093*, %struct.net_device.589093** %253, align 8 %255 = tail call i32 %251(i8* %252, %struct.net_device.589093* %254, i32* %239) #69 %256 = load i32, i32* %240, align 8 %257 = sub i32 32, %256 %258 = lshr i32 %255, %257 %259 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 0 %260 = load %struct.neighbour.588877*, %struct.neighbour.588877** %259, align 8 %261 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %262 = zext i32 %258 to i64 %263 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %261, i64 %262 %264 = bitcast %struct.neighbour.588877** %263 to i64* %265 = load i64, i64* %264, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %266 = bitcast %struct.neighbour.588877* %250 to i64* store volatile i64 %265, i64* %266, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %267 = ptrtoint %struct.neighbour.588877* %250 to i64 %268 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %269 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %268, i64 %262 %270 = bitcast %struct.neighbour.588877** %269 to i64* store volatile i64 %267, i64* %270, align 8 %271 = icmp eq %struct.neighbour.588877* %260, null br i1 %271, label %272, label %249 %273 = add i32 %243, 1 %274 = load i32, i32* %236, align 8 %275 = lshr i32 %273, %274 %276 = icmp eq i32 %275, 
0 br i1 %276, label %242, label %277 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %278 = ptrtoint %struct.neigh_hash_table.588873* %233 to i64 %279 = bitcast %struct.neigh_hash_table.588873** %221 to i64* store volatile i64 %278, i64* %279, align 8 %280 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 3 tail call void @call_rcu_sched(%struct.callback_head* %280, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %281 %282 = phi %struct.neigh_hash_table.588873* [ %222, %210 ], [ %233, %277 ], [ %232, %228 ] %283 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %284 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %283, align 8 %285 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 2, i64 0 %286 = tail call i32 %284(i8* %167, %struct.net_device.589093* %2, i32* %285) #69 %287 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %288 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %287, i64 0, i32 7 %289 = load i32, i32* %288, align 8 %290 = icmp eq i32 %289, 0 br i1 %290, label %291, label %332 %292 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 1 %293 = load i32, i32* %292, align 8 %294 = sub i32 32, %293 %295 = lshr i32 %286, %294 %296 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 0 %297 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %296, align 8 %298 = zext i32 %295 to i64 %299 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %297, i64 %298 %300 = load %struct.neighbour.588877*, %struct.neighbour.588877** %299, align 8 %301 = icmp eq %struct.neighbour.588877* %300, 
null br i1 %301, label %318, label %302 %303 = phi %struct.neighbour.588877* [ %316, %314 ], [ %300, %291 ] %304 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 22 %305 = load %struct.net_device.589093*, %struct.net_device.589093** %304, align 8 %306 = icmp eq %struct.net_device.589093* %305, %2 br i1 %306, label %307, label %314 %308 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 23, i64 0 %309 = tail call i32 @bcmp(i8* %308, i8* %167, i64 %168) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_create 1 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.ndisc_options, align 8 %6 = bitcast %struct.netevent_redirect* %4 to i8* %7 = bitcast %struct.ndisc_options* %5 to i8* %8 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 38 %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 36 %11 = load i32, i32* %10, align 8 %12 = zext i32 %11 to i64 %13 = getelementptr i8, i8* %9, i64 %12 %14 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 32 %15 = load i16, i16* %14, align 2 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %9, i64 %16 %18 = ptrtoint i8* %13 to i64 %19 = ptrtoint i8* %17 to i64 %20 = sub i64 %18, %19 %21 = trunc i64 %20 to i32 %22 = add i32 %21, -40 %23 = icmp slt i32 %22, 0 br i1 %23, label %162, label %24 %25 = getelementptr inbounds i8, i8* %17, i64 24 %26 = bitcast i8* %25 to %struct.in6_addr* %27 = bitcast i8* %25 to i32* %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 255 %30 = icmp eq i32 %29, 255 br i1 %30, label %162, label %31 %32 = getelementptr inbounds i8, i8* %17, i64 8 %33 = bitcast i8* %25 to i64* %34 = bitcast i8* %32 to i64* %35 = load i64, i64* %33, align 8 %36 = load i64, i64* %34, align 8 %37 = getelementptr i8, 
i8* %25, i64 8 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = getelementptr i8, i8* %32, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %35, %36 %44 = icmp eq i64 %39, %42 %45 = and i1 %43, %44 br i1 %45, label %51, label %46 %52 = phi i1 [ true, %46 ], [ false, %31 ] %53 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %54 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %55 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %54, i64 0, i32 68 %56 = bitcast %struct.inet6_dev.684771** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = inttoptr i64 %57 to %struct.inet6_dev.684771* %59 = icmp eq i64 %57, 0 br i1 %59, label %162, label %60 %61 = getelementptr inbounds %struct.inet6_dev.684771, %struct.inet6_dev.684771* %58, i64 0, i32 26, i32 0 %62 = load i32, i32* %61, align 8 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %162 %65 = getelementptr inbounds %struct.inet6_dev.684771, %struct.inet6_dev.684771* %58, i64 0, i32 26, i32 4 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %162, label %68 %69 = getelementptr inbounds i8, i8* %17, i64 40 %70 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.687103*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.684854*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.684854* %54, i8* %69, i32 %22, %struct.ndisc_options* nonnull %5) #69 %71 = icmp eq %struct.ndisc_options* %70, null br i1 %71, label %162, label %72 %73 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %5, i64 0, i32 0, i64 2 %74 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %73, align 8 %75 = icmp eq %struct.nd_opt_hdr* %74, null br i1 %75, label %98, label %76 %77 = load %struct.net_device.684854*, 
%struct.net_device.684854** %53, align 8 %78 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %77, i64 0, i32 52 %79 = load i8, i8* %78, align 1 %80 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %77, i64 0, i32 45 %81 = load i16, i16* %80, align 4 %82 = icmp eq i16 %81, 32 %83 = select i1 %82, i32 2, i32 0 %84 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %74, i64 0, i32 1 %85 = load i8, i8* %84, align 1 %86 = zext i8 %85 to i32 %87 = shl nuw nsw i32 %86, 3 %88 = zext i8 %79 to i32 %89 = or i32 %83, 9 %90 = add nuw nsw i32 %89, %88 %91 = and i32 %90, 504 %92 = icmp ne i32 %87, %91 %93 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %74, i64 1, i32 0 %94 = zext i32 %83 to i64 %95 = getelementptr i8, i8* %93, i64 %94 %96 = icmp eq i8* %95, null %97 = or i1 %96, %92 br i1 %97, label %162, label %98 %99 = phi i8* [ %95, %76 ], [ null, %72 ] %100 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %101 = bitcast i64* %100 to i32* %102 = load i32, i32* %101, align 8 %103 = and i32 %102, 512 %104 = icmp eq i32 %103, 0 br i1 %104, label %105, label %162 %106 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %107 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %106, align 8 %108 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %107, i64 0, i32 15 %109 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %108, align 16 %110 = icmp eq void (%struct.dst_entry.684758*, i8*)* %109, null br i1 %110, label %118, label %111 %119 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %120 = call %struct.neighbour.684699* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*)* @neigh_lookup to %struct.neighbour.684699* (%struct.neigh_table.684695*, i8*, 
%struct.net_device.684854*)*)(%struct.neigh_table.684695* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i8* %32, %struct.net_device.684854* %119) #69 %121 = icmp eq %struct.neighbour.684699* %120, null br i1 %121, label %122, label %127 %123 = call %struct.neighbour.684699* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*, i1)* @__neigh_create to %struct.neighbour.684699* (%struct.neigh_table.684695*, i8*, %struct.net_device.684854*, i1)*)(%struct.neigh_table.684695* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i8* %32, %struct.net_device.684854* %119, i1 zeroext true) #69 Function:__neigh_create %5 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 2 %6 = load i32, i32* %5, align 8 %7 = load volatile i64, i64* @jiffies, align 64 %8 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* 
%0, i64 0, i32 21, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 16 %11 = load i32, i32* %10, align 4 %12 = icmp slt i32 %9, %11 br i1 %12, label %13, label %23 %14 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 15 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %9, %15 br i1 %16, label %115, label %17 %116 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 55 %119 = load i16, i16* %118, align 2 %120 = zext i16 %119 to i32 %121 = add i32 %117, %120 %122 = zext i32 %121 to i64 %123 = tail call noalias align 8 i8* @__kmalloc(i64 %122, i32 4751392) #69 %124 = icmp eq i8* %123, null br i1 %124, label %125, label %126 %127 = bitcast i8* %123 to %struct.neighbour.588877* %128 = getelementptr inbounds i8, i8* %123, i64 56 %129 = bitcast i8* %128 to i8** store i8* %128, i8** %129, align 8 %130 = getelementptr inbounds i8, i8* %123, i64 64 %131 = bitcast i8* %130 to i8** store i8* %128, i8** %131, align 8 %132 = getelementptr inbounds i8, i8* %123, i64 72 %133 = bitcast i8* %132 to i32* store i32 0, i32* %133, align 8 %134 = getelementptr inbounds i8, i8* %123, i64 40 %135 = bitcast i8* %134 to i32* store i32 0, i32* %135, align 8 %136 = getelementptr inbounds i8, i8* %123, i64 44 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 4 %138 = getelementptr inbounds i8, i8* %123, i64 144 %139 = bitcast i8* %138 to i32* store i32 0, i32* %139, align 8 %140 = getelementptr inbounds i8, i8* %123, i64 148 %141 = bitcast i8* %140 to i32* 
store i32 0, i32* %141, align 4 %142 = getelementptr inbounds i8, i8* %123, i64 128 %143 = bitcast i8* %142 to i64* store i64 %7, i64* %143, align 8 %144 = getelementptr inbounds i8, i8* %123, i64 32 %145 = bitcast i8* %144 to i64* store i64 %7, i64* %145, align 8 %146 = getelementptr inbounds i8, i8* %123, i64 141 store i8 0, i8* %146, align 1 %147 = getelementptr inbounds i8, i8* %123, i64 296 %148 = bitcast i8* %147 to i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** store i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)* @neigh_blackhole, i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** %148, align 8 %149 = getelementptr inbounds i8, i8* %123, i64 188 %150 = bitcast i8* %149 to i32* store i32 0, i32* %150, align 4 %151 = getelementptr inbounds i8, i8* %123, i64 192 %152 = bitcast i8* %151 to i32* store i32 0, i32* %152, align 8 %153 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11 %154 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11, i32 8, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %154, i32* %154) #6, !srcloc !12 %155 = getelementptr inbounds i8, i8* %123, i64 16 %156 = bitcast i8* %155 to %struct.neigh_parms.589003** store %struct.neigh_parms.589003* %153, %struct.neigh_parms.589003** %156, align 8 %157 = getelementptr inbounds i8, i8* %123, i64 88 %158 = bitcast i8* %157 to %struct.timer_list* tail call void 
@init_timer_key(%struct.timer_list* %158, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %159 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 24 %160 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %161 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %160, i64 0, i32 0 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %161, i64* %161) #6, !srcloc !13 %162 = getelementptr inbounds i8, i8* %123, i64 8 %163 = bitcast i8* %162 to %struct.neigh_table.588874** store %struct.neigh_table.588874* %0, %struct.neigh_table.588874** %163, align 8 %164 = getelementptr inbounds i8, i8* %123, i64 48 %165 = bitcast i8* %164 to i32* store volatile i32 1, i32* %165, align 8 %166 = getelementptr inbounds i8, i8* %123, i64 143 store i8 1, i8* %166, align 1 %167 = getelementptr inbounds i8, i8* %123, i64 336 %168 = zext i32 %6 to i64 %169 = getelementptr inbounds i8, i8* %123, i64 328 %170 = bitcast i8* %169 to %struct.net_device.589093** store %struct.net_device.589093* %2, %struct.net_device.589093** %170, align 8 %171 = icmp eq %struct.net_device.589093* %2, null br i1 %171, label %175, label %172 %176 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 6 %177 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %176, align 8 %178 = icmp eq i32 (%struct.neighbour.588877*)* %177, null br i1 %178, label %185, label %179 %186 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 30 %187 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %186, align 8 %188 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %187, i64 0, i32 43 %189 = load i32 (%struct.net_device.589093*, %struct.neighbour.588877*)*, i32 (%struct.net_device.589093*, 
%struct.neighbour.588877*)** %188, align 8 %190 = icmp eq i32 (%struct.net_device.589093*, %struct.neighbour.588877*)* %189, null br i1 %190, label %197, label %191 %198 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %199 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %198, i64 0, i32 3 %200 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour.588877*)* %200, null br i1 %201, label %210, label %202 %203 = tail call i32 %200(%struct.neighbour.588877* nonnull %127) #69 %204 = icmp slt i32 %203, 0 br i1 %204, label %207, label %205 %206 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 br label %210 %211 = phi %struct.neigh_parms.589003* [ %206, %205 ], [ %198, %197 ] %212 = load volatile i64, i64* @jiffies, align 64 %213 = getelementptr %struct.neigh_parms.589003, %struct.neigh_parms.589003* %211, i64 0, i32 11, i64 5 %214 = load i32, i32* %213, align 4 %215 = shl i32 %214, 1 %216 = sext i32 %215 to i64 %217 = sub i64 %212, %216 %218 = getelementptr inbounds i8, i8* %123, i64 24 %219 = bitcast i8* %218 to i64* store i64 %217, i64* %219, align 8 %220 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 22 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %220) #69 %221 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 25 %222 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %223 = load volatile i32, i32* %8, align 4 %224 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %222, i64 0, i32 1 %225 = load i32, i32* %224, align 8 %226 = shl nuw i32 1, %225 %227 = icmp sgt i32 %223, %226 br i1 %227, label %228, label %281 %229 = add i32 %225, 1 %230 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %231 = 
getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %230, i64 0, i32 2 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %231, i64* %231) #6, !srcloc !15 %232 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %233 = tail call fastcc %struct.neigh_hash_table.588873* @neigh_hash_alloc(i32 %229) #69 %234 = icmp eq %struct.neigh_hash_table.588873* %233, null br i1 %234, label %281, label %235 %236 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 1 %237 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 0 %238 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %239 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 2, i64 0 %240 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 1 %241 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 0 br label %242 %243 = phi i32 [ 0, %235 ], [ %273, %272 ] %244 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %237, align 8 %245 = zext i32 %243 to i64 %246 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %244, i64 %245 %247 = load %struct.neighbour.588877*, %struct.neighbour.588877** %246, align 8 %248 = icmp eq %struct.neighbour.588877* %247, null br i1 %248, label %272, label %249 %250 = phi %struct.neighbour.588877* [ %260, %249 ], [ %247, %242 ] %251 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %238, align 8 %252 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 23, i64 0 %253 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 22 %254 = load 
%struct.net_device.589093*, %struct.net_device.589093** %253, align 8 %255 = tail call i32 %251(i8* %252, %struct.net_device.589093* %254, i32* %239) #69 %256 = load i32, i32* %240, align 8 %257 = sub i32 32, %256 %258 = lshr i32 %255, %257 %259 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 0 %260 = load %struct.neighbour.588877*, %struct.neighbour.588877** %259, align 8 %261 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %262 = zext i32 %258 to i64 %263 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %261, i64 %262 %264 = bitcast %struct.neighbour.588877** %263 to i64* %265 = load i64, i64* %264, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %266 = bitcast %struct.neighbour.588877* %250 to i64* store volatile i64 %265, i64* %266, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %267 = ptrtoint %struct.neighbour.588877* %250 to i64 %268 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %269 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %268, i64 %262 %270 = bitcast %struct.neighbour.588877** %269 to i64* store volatile i64 %267, i64* %270, align 8 %271 = icmp eq %struct.neighbour.588877* %260, null br i1 %271, label %272, label %249 %273 = add i32 %243, 1 %274 = load i32, i32* %236, align 8 %275 = lshr i32 %273, %274 %276 = icmp eq i32 %275, 0 br i1 %276, label %242, label %277 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %278 = ptrtoint %struct.neigh_hash_table.588873* %233 to i64 %279 = bitcast %struct.neigh_hash_table.588873** %221 to i64* store volatile i64 %278, i64* %279, align 8 %280 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 3 tail call void @call_rcu_sched(%struct.callback_head* %280, void 
(%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %281 %282 = phi %struct.neigh_hash_table.588873* [ %222, %210 ], [ %233, %277 ], [ %232, %228 ] %283 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %284 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %283, align 8 %285 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 2, i64 0 %286 = tail call i32 %284(i8* %167, %struct.net_device.589093* %2, i32* %285) #69 %287 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %288 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %287, i64 0, i32 7 %289 = load i32, i32* %288, align 8 %290 = icmp eq i32 %289, 0 br i1 %290, label %291, label %332 %292 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 1 %293 = load i32, i32* %292, align 8 %294 = sub i32 32, %293 %295 = lshr i32 %286, %294 %296 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 0 %297 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %296, align 8 %298 = zext i32 %295 to i64 %299 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %297, i64 %298 %300 = load %struct.neighbour.588877*, %struct.neighbour.588877** %299, align 8 %301 = icmp eq %struct.neighbour.588877* %300, null br i1 %301, label %318, label %302 %303 = phi %struct.neighbour.588877* [ %316, %314 ], [ %300, %291 ] %304 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 22 %305 = load %struct.net_device.589093*, %struct.net_device.589093** %304, align 8 %306 = icmp eq %struct.net_device.589093* %305, %2 br i1 %306, label %307, label %314 %308 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 
23, i64 0 %309 = tail call i32 @bcmp(i8* %308, i8* %167, i64 %168) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_create 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 39 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.631313*, %struct.net_device.631313** %9, align 8 %11 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.631192* %1, null br i1 %20, label %50, label %21 %51 = phi i32 [ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i32 %55, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* %75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 call fastcc void @__ip_do_redirect(%struct.rtable.631321* %56, %struct.sk_buff.631221* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.631327, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* 
%1, i64 0, i32 32 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 33 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.631313*, %struct.net_device.631313** %28, align 8 %30 = bitcast %struct.fib_result.631327* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %289 %36 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = icmp eq i32 %37, %27 br i1 %38, label %39, label %289 %40 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 67 %41 = bitcast %struct.in_device.631272** %40 to i64* %42 = load volatile i64, i64* %41, align 8 %43 = inttoptr i64 %42 to %struct.in_device.631272* %44 = icmp eq i64 %42, 0 br i1 %44, label %289, label %45 %46 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 107, i32 0 %47 = load %struct.net.630923*, %struct.net.630923** %46, align 8 %48 = icmp eq i32 %19, %27 br i1 %48, label %259, label %49 %50 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 0 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 %53 = getelementptr inbounds %struct.in_device.631272, 
%struct.in_device.631272* %43, i64 0, i32 0 %54 = load %struct.net_device.631313*, %struct.net_device.631313** %53, align 8 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.630923*, %struct.net.630923** %55, align 8 %57 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %56, i64 0, i32 33, i32 5 %58 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %57, align 8 %59 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 3 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, 0 br i1 %52, label %67, label %62 br i1 %61, label %259, label %63 %64 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 3 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %259, label %72 %73 = and i32 %19, 240 %74 = icmp eq i32 %73, 224 %75 = icmp eq i32 %19, -1 %76 = or i1 %75, %74 %77 = and i32 %19, 255 %78 = icmp eq i32 %77, 0 %79 = or i1 %78, %76 br i1 %79, label %259, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 @inet_addr_type(%struct.net.630923* %47, i32 %19) #69 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %259 %111 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.631313*, %struct.net_device.631313** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %112, i64 0, i32 34 %114 = load i32, i32* %113, align 8 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.630880** getelementptr inbounds (%struct.neigh_table.630881, %struct.neigh_table.630881* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, %struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to %struct.neigh_table.630881*), i64 0, i32 25) to i64*), align 8 %119 = inttoptr i64 %118 to %struct.neigh_hash_table.630880* %120 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 2, i64 0 %121 = ptrtoint %struct.net_device.631313* %112 to i64 %122 = lshr i64 %121, 32 %123 = xor i64 %122, %121 %124 = trunc i64 %123 to i32 %125 = xor i32 %117, %124 %126 = load i32, i32* %120, align 4 %127 = mul i32 %125, %126 %128 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 1 %129 = load i32, i32* %128, align 8 %130 = sub i32 32, %129 %131 = lshr i32 %127, %130 %132 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 0 %133 = load %struct.neighbour.630884**, %struct.neighbour.630884*** %132, align 8 %134 = zext i32 %131 to i64 %135 = getelementptr %struct.neighbour.630884*, %struct.neighbour.630884** %133, i64 %134 %136 = bitcast 
%struct.neighbour.630884** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = inttoptr i64 %137 to %struct.neighbour.630884* %139 = icmp eq i64 %137, 0 br i1 %139, label %156, label %140 %141 = phi %struct.neighbour.630884* [ %154, %151 ], [ %138, %110 ] %142 = phi i64 [ %153, %151 ], [ %137, %110 ] %143 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 22 %144 = load %struct.net_device.631313*, %struct.net_device.631313** %143, align 8 %145 = icmp eq %struct.net_device.631313* %144, %112 br i1 %145, label %146, label %151 %147 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 23, i64 0 %148 = bitcast i8* %147 to i32* %149 = load i32, i32* %148, align 8 %150 = icmp eq i32 %149, %117 br i1 %150, label %156, label %151 %152 = inttoptr i64 %142 to i64* %153 = load volatile i64, i64* %152, align 8 %154 = inttoptr i64 %153 to %struct.neighbour.630884* %155 = icmp eq i64 %153, 0 br i1 %155, label %176, label %140 tail call fastcc void @local_bh_enable.56947() #69 %177 = load %struct.net_device.631313*, %struct.net_device.631313** %111, align 8 %178 = call %struct.neighbour.630884* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*, i1)* @__neigh_create to %struct.neighbour.630884* (%struct.neigh_table.630881*, i8*, %struct.net_device.631313*, i1)*)(%struct.neigh_table.630881* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, %struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to 
%struct.neigh_table.630881*), i8* nonnull %10, %struct.net_device.631313* %177, i1 zeroext true) #69 Function:__neigh_create %5 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 2 %6 = load i32, i32* %5, align 8 %7 = load volatile i64, i64* @jiffies, align 64 %8 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 21, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 16 %11 = load i32, i32* %10, align 4 %12 = icmp slt i32 %9, %11 br i1 %12, label %13, label %23 %14 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 15 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %9, %15 br i1 %16, label %115, label %17 %116 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 55 %119 = load i16, i16* %118, align 2 %120 = zext i16 %119 to i32 %121 = add i32 %117, %120 %122 = zext i32 %121 to i64 %123 = tail call noalias align 8 i8* @__kmalloc(i64 %122, i32 4751392) #69 %124 = icmp eq i8* %123, null br i1 %124, label %125, label %126 %127 = bitcast i8* %123 to %struct.neighbour.588877* %128 = getelementptr inbounds i8, i8* %123, i64 56 %129 = bitcast i8* %128 to i8** store i8* %128, i8** %129, align 8 %130 = getelementptr inbounds i8, i8* %123, i64 64 %131 = bitcast i8* %130 to i8** store i8* %128, i8** %131, align 8 %132 = getelementptr inbounds i8, i8* %123, i64 72 %133 = bitcast i8* %132 to i32* store i32 0, i32* %133, align 8 %134 = getelementptr inbounds i8, i8* %123, 
i64 40 %135 = bitcast i8* %134 to i32* store i32 0, i32* %135, align 8 %136 = getelementptr inbounds i8, i8* %123, i64 44 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 4 %138 = getelementptr inbounds i8, i8* %123, i64 144 %139 = bitcast i8* %138 to i32* store i32 0, i32* %139, align 8 %140 = getelementptr inbounds i8, i8* %123, i64 148 %141 = bitcast i8* %140 to i32* store i32 0, i32* %141, align 4 %142 = getelementptr inbounds i8, i8* %123, i64 128 %143 = bitcast i8* %142 to i64* store i64 %7, i64* %143, align 8 %144 = getelementptr inbounds i8, i8* %123, i64 32 %145 = bitcast i8* %144 to i64* store i64 %7, i64* %145, align 8 %146 = getelementptr inbounds i8, i8* %123, i64 141 store i8 0, i8* %146, align 1 %147 = getelementptr inbounds i8, i8* %123, i64 296 %148 = bitcast i8* %147 to i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** store i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)* @neigh_blackhole, i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** %148, align 8 %149 = getelementptr inbounds i8, i8* %123, i64 188 %150 = bitcast i8* %149 to i32* store i32 0, i32* %150, align 4 %151 = getelementptr inbounds i8, i8* %123, i64 192 %152 = bitcast i8* %151 to i32* store i32 0, i32* %152, align 8 %153 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11 %154 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11, i32 8, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", 
"=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %154, i32* %154) #6, !srcloc !12 %155 = getelementptr inbounds i8, i8* %123, i64 16 %156 = bitcast i8* %155 to %struct.neigh_parms.589003** store %struct.neigh_parms.589003* %153, %struct.neigh_parms.589003** %156, align 8 %157 = getelementptr inbounds i8, i8* %123, i64 88 %158 = bitcast i8* %157 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %158, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %159 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 24 %160 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %161 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %160, i64 0, i32 0 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %161, i64* %161) #6, !srcloc !13 %162 = getelementptr inbounds i8, i8* %123, i64 8 %163 = bitcast i8* %162 to %struct.neigh_table.588874** store %struct.neigh_table.588874* %0, %struct.neigh_table.588874** %163, align 8 %164 = getelementptr inbounds i8, i8* %123, i64 48 %165 = bitcast i8* %164 to i32* store volatile i32 1, i32* %165, align 8 %166 = getelementptr inbounds i8, i8* %123, i64 143 store i8 1, i8* %166, align 1 %167 = getelementptr inbounds i8, i8* %123, i64 336 %168 = zext i32 %6 to i64 %169 = getelementptr inbounds i8, i8* %123, i64 328 %170 = bitcast i8* %169 to %struct.net_device.589093** store %struct.net_device.589093* %2, %struct.net_device.589093** %170, align 8 %171 = icmp eq %struct.net_device.589093* %2, null br i1 %171, label %175, label %172 %176 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 6 %177 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %176, align 8 %178 = icmp eq i32 (%struct.neighbour.588877*)* %177, null br i1 %178, label %185, label %179 %186 = getelementptr inbounds 
%struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 30 %187 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %186, align 8 %188 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %187, i64 0, i32 43 %189 = load i32 (%struct.net_device.589093*, %struct.neighbour.588877*)*, i32 (%struct.net_device.589093*, %struct.neighbour.588877*)** %188, align 8 %190 = icmp eq i32 (%struct.net_device.589093*, %struct.neighbour.588877*)* %189, null br i1 %190, label %197, label %191 %198 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %199 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %198, i64 0, i32 3 %200 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour.588877*)* %200, null br i1 %201, label %210, label %202 %203 = tail call i32 %200(%struct.neighbour.588877* nonnull %127) #69 %204 = icmp slt i32 %203, 0 br i1 %204, label %207, label %205 %206 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 br label %210 %211 = phi %struct.neigh_parms.589003* [ %206, %205 ], [ %198, %197 ] %212 = load volatile i64, i64* @jiffies, align 64 %213 = getelementptr %struct.neigh_parms.589003, %struct.neigh_parms.589003* %211, i64 0, i32 11, i64 5 %214 = load i32, i32* %213, align 4 %215 = shl i32 %214, 1 %216 = sext i32 %215 to i64 %217 = sub i64 %212, %216 %218 = getelementptr inbounds i8, i8* %123, i64 24 %219 = bitcast i8* %218 to i64* store i64 %217, i64* %219, align 8 %220 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 22 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %220) #69 %221 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 25 %222 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %223 = load volatile i32, 
i32* %8, align 4 %224 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %222, i64 0, i32 1 %225 = load i32, i32* %224, align 8 %226 = shl nuw i32 1, %225 %227 = icmp sgt i32 %223, %226 br i1 %227, label %228, label %281 %229 = add i32 %225, 1 %230 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %231 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %230, i64 0, i32 2 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %231, i64* %231) #6, !srcloc !15 %232 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %233 = tail call fastcc %struct.neigh_hash_table.588873* @neigh_hash_alloc(i32 %229) #69 %234 = icmp eq %struct.neigh_hash_table.588873* %233, null br i1 %234, label %281, label %235 %236 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 1 %237 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 0 %238 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %239 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 2, i64 0 %240 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 1 %241 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 0 br label %242 %243 = phi i32 [ 0, %235 ], [ %273, %272 ] %244 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %237, align 8 %245 = zext i32 %243 to i64 %246 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %244, i64 %245 %247 = load %struct.neighbour.588877*, %struct.neighbour.588877** %246, align 8 %248 = icmp eq %struct.neighbour.588877* %247, null br i1 %248, label %272, label %249 %250 = phi %struct.neighbour.588877* [ 
%260, %249 ], [ %247, %242 ] %251 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %238, align 8 %252 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 23, i64 0 %253 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 22 %254 = load %struct.net_device.589093*, %struct.net_device.589093** %253, align 8 %255 = tail call i32 %251(i8* %252, %struct.net_device.589093* %254, i32* %239) #69 %256 = load i32, i32* %240, align 8 %257 = sub i32 32, %256 %258 = lshr i32 %255, %257 %259 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 0 %260 = load %struct.neighbour.588877*, %struct.neighbour.588877** %259, align 8 %261 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %262 = zext i32 %258 to i64 %263 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %261, i64 %262 %264 = bitcast %struct.neighbour.588877** %263 to i64* %265 = load i64, i64* %264, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %266 = bitcast %struct.neighbour.588877* %250 to i64* store volatile i64 %265, i64* %266, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %267 = ptrtoint %struct.neighbour.588877* %250 to i64 %268 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %269 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %268, i64 %262 %270 = bitcast %struct.neighbour.588877** %269 to i64* store volatile i64 %267, i64* %270, align 8 %271 = icmp eq %struct.neighbour.588877* %260, null br i1 %271, label %272, label %249 %273 = add i32 %243, 1 %274 = load i32, i32* %236, align 8 %275 = lshr i32 %273, %274 %276 = icmp eq i32 %275, 0 br i1 %276, label %242, label %277 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %278 = ptrtoint %struct.neigh_hash_table.588873* %233 to i64 %279 = bitcast %struct.neigh_hash_table.588873** %221 to i64* store volatile i64 %278, i64* %279, align 8 %280 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 3 tail call void @call_rcu_sched(%struct.callback_head* %280, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %281 %282 = phi %struct.neigh_hash_table.588873* [ %222, %210 ], [ %233, %277 ], [ %232, %228 ] %283 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %284 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %283, align 8 %285 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 2, i64 0 %286 = tail call i32 %284(i8* %167, %struct.net_device.589093* %2, i32* %285) #69 %287 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %288 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %287, i64 0, i32 7 %289 = load i32, i32* %288, align 8 %290 = icmp eq i32 %289, 0 br i1 %290, label %291, label %332 %292 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 1 %293 = load i32, i32* %292, align 8 %294 = sub i32 32, %293 %295 = lshr i32 %286, %294 %296 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 0 %297 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %296, align 8 %298 = zext i32 %295 to i64 %299 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %297, i64 %298 %300 = load %struct.neighbour.588877*, %struct.neighbour.588877** %299, align 8 %301 = icmp eq %struct.neighbour.588877* %300, null br i1 %301, label %318, label %302 %303 = phi 
%struct.neighbour.588877* [ %316, %314 ], [ %300, %291 ] %304 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 22 %305 = load %struct.net_device.589093*, %struct.net_device.589093** %304, align 8 %306 = icmp eq %struct.net_device.589093* %305, %2 br i1 %306, label %307, label %314 %308 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 23, i64 0 %309 = tail call i32 @bcmp(i8* %308, i8* %167, i64 %168) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_create 1 ipv4_neigh_lookup ------------- Path:  Function:ipv4_neigh_lookup %4 = getelementptr inbounds %struct.dst_entry.631314, %struct.dst_entry.631314* %0, i64 0, i32 0 %5 = load %struct.net_device.631313*, %struct.net_device.631313** %4, align 8 %6 = getelementptr inbounds %struct.dst_entry.631314, %struct.dst_entry.631314* %0, i64 1, i32 2 %7 = bitcast i64* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %22 %23 = phi i32* [ %21, %13 ], [ %11, %10 ], [ %7, %3 ] %24 = load i32, i32* %23, align 4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %25 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %5, i64 0, i32 34 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 24 %28 = icmp eq i32 %27, 0 %29 = select i1 %28, i32 %24, i32 0 %30 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.630880** getelementptr inbounds (%struct.neigh_table.630881, %struct.neigh_table.630881* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, 
%struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to %struct.neigh_table.630881*), i64 0, i32 25) to i64*), align 8 %31 = inttoptr i64 %30 to %struct.neigh_hash_table.630880* %32 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %31, i64 0, i32 2, i64 0 %33 = ptrtoint %struct.net_device.631313* %5 to i64 %34 = lshr i64 %33, 32 %35 = xor i64 %34, %33 %36 = trunc i64 %35 to i32 %37 = xor i32 %29, %36 %38 = load i32, i32* %32, align 4 %39 = mul i32 %37, %38 %40 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %31, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sub i32 32, %41 %43 = lshr i32 %39, %42 %44 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %31, i64 0, i32 0 %45 = load %struct.neighbour.630884**, %struct.neighbour.630884*** %44, align 8 %46 = zext i32 %43 to i64 %47 = getelementptr %struct.neighbour.630884*, %struct.neighbour.630884** %45, i64 %46 %48 = bitcast %struct.neighbour.630884** %47 to i64* %49 = load volatile i64, i64* %48, align 8 %50 = inttoptr i64 %49 to %struct.neighbour.630884* %51 = icmp eq i64 %49, 0 br i1 %51, label %68, label %52 %53 = phi %struct.neighbour.630884* [ %66, %63 ], [ %50, %22 ] %54 = phi i64 [ %65, %63 ], [ %49, %22 ] %55 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %53, i64 0, i32 22 %56 = load %struct.net_device.631313*, %struct.net_device.631313** %55, align 8 %57 = icmp eq %struct.net_device.631313* %56, %5 br i1 %57, label %58, label %63 %59 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %53, i64 0, i32 23, i64 0 %60 = bitcast i8* %59 to i32* %61 = load i32, i32* %60, align 8 %62 = icmp eq i32 %61, 
%29 br i1 %62, label %68, label %63 %64 = inttoptr i64 %54 to i64* %65 = load volatile i64, i64* %64, align 8 %66 = inttoptr i64 %65 to %struct.neighbour.630884* %67 = icmp eq i64 %65, 0 br i1 %67, label %88, label %52 tail call fastcc void @local_bh_enable.56947() #69 %89 = bitcast i32* %23 to i8* %90 = tail call %struct.neighbour.630884* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*, i1)* @__neigh_create to %struct.neighbour.630884* (%struct.neigh_table.630881*, i8*, %struct.net_device.631313*, i1)*)(%struct.neigh_table.630881* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, %struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to %struct.neigh_table.630881*), i8* %89, %struct.net_device.631313* %5, i1 zeroext true) #69 Function:__neigh_create %5 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 2 %6 = load i32, i32* %5, align 8 %7 = load volatile i64, i64* @jiffies, align 64 %8 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 21, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 16 %11 = load i32, i32* %10, align 4 %12 = icmp slt i32 %9, %11 br i1 %12, label %13, label %23 %14 = 
getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 15 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %9, %15 br i1 %16, label %115, label %17 %116 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 55 %119 = load i16, i16* %118, align 2 %120 = zext i16 %119 to i32 %121 = add i32 %117, %120 %122 = zext i32 %121 to i64 %123 = tail call noalias align 8 i8* @__kmalloc(i64 %122, i32 4751392) #69 %124 = icmp eq i8* %123, null br i1 %124, label %125, label %126 %127 = bitcast i8* %123 to %struct.neighbour.588877* %128 = getelementptr inbounds i8, i8* %123, i64 56 %129 = bitcast i8* %128 to i8** store i8* %128, i8** %129, align 8 %130 = getelementptr inbounds i8, i8* %123, i64 64 %131 = bitcast i8* %130 to i8** store i8* %128, i8** %131, align 8 %132 = getelementptr inbounds i8, i8* %123, i64 72 %133 = bitcast i8* %132 to i32* store i32 0, i32* %133, align 8 %134 = getelementptr inbounds i8, i8* %123, i64 40 %135 = bitcast i8* %134 to i32* store i32 0, i32* %135, align 8 %136 = getelementptr inbounds i8, i8* %123, i64 44 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 4 %138 = getelementptr inbounds i8, i8* %123, i64 144 %139 = bitcast i8* %138 to i32* store i32 0, i32* %139, align 8 %140 = getelementptr inbounds i8, i8* %123, i64 148 %141 = bitcast i8* %140 to i32* store i32 0, i32* %141, align 4 %142 = getelementptr inbounds i8, i8* %123, i64 128 %143 = bitcast i8* %142 to i64* store i64 %7, i64* %143, align 8 %144 = getelementptr inbounds i8, i8* %123, i64 32 %145 = bitcast i8* %144 to i64* store i64 %7, i64* %145, align 8 %146 = getelementptr inbounds i8, i8* %123, i64 141 store i8 0, i8* %146, align 1 %147 = getelementptr inbounds i8, i8* %123, i64 296 %148 = bitcast i8* %147 to i32 (%struct.neighbour.588877*, 
%struct.sk_buff.589108*)** store i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)* @neigh_blackhole, i32 (%struct.neighbour.588877*, %struct.sk_buff.589108*)** %148, align 8 %149 = getelementptr inbounds i8, i8* %123, i64 188 %150 = bitcast i8* %149 to i32* store i32 0, i32* %150, align 4 %151 = getelementptr inbounds i8, i8* %123, i64 192 %152 = bitcast i8* %151 to i32* store i32 0, i32* %152, align 8 %153 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11 %154 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 11, i32 8, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %154, i32* %154) #6, !srcloc !12 %155 = getelementptr inbounds i8, i8* %123, i64 16 %156 = bitcast i8* %155 to %struct.neigh_parms.589003** store %struct.neigh_parms.589003* %153, %struct.neigh_parms.589003** %156, align 8 %157 = getelementptr inbounds i8, i8* %123, i64 88 %158 = bitcast i8* %157 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %158, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %159 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 24 %160 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %161 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %160, i64 0, i32 0 tail call void asm "incq %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %161, i64* %161) #6, !srcloc !13 %162 = getelementptr inbounds i8, i8* %123, i64 8 %163 = bitcast i8* %162 to %struct.neigh_table.588874** store %struct.neigh_table.588874* %0, %struct.neigh_table.588874** %163, align 8 %164 = getelementptr inbounds i8, i8* %123, i64 48 %165 = bitcast i8* %164 to i32* store volatile i32 1, i32* %165, align 8 %166 = getelementptr inbounds i8, i8* %123, i64 143 store i8 1, i8* %166, align 1 %167 = getelementptr inbounds i8, i8* %123, i64 336 %168 = zext i32 %6 to i64 %169 = getelementptr inbounds i8, i8* %123, i64 328 %170 = bitcast i8* %169 to %struct.net_device.589093** store %struct.net_device.589093* %2, %struct.net_device.589093** %170, align 8 %171 = icmp eq %struct.net_device.589093* %2, null br i1 %171, label %175, label %172 %176 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 6 %177 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %176, align 8 %178 = icmp eq i32 (%struct.neighbour.588877*)* %177, null br i1 %178, label %185, label %179 %186 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %2, i64 0, i32 30 %187 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %186, align 8 %188 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %187, i64 0, i32 43 %189 = load i32 (%struct.net_device.589093*, %struct.neighbour.588877*)*, i32 (%struct.net_device.589093*, %struct.neighbour.588877*)** %188, align 8 %190 = icmp eq i32 (%struct.net_device.589093*, %struct.neighbour.588877*)* %189, null br i1 %190, label %197, label %191 %198 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %199 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %198, i64 0, i32 3 %200 = load i32 (%struct.neighbour.588877*)*, i32 (%struct.neighbour.588877*)** %199, align 8 %201 = icmp eq i32 
(%struct.neighbour.588877*)* %200, null br i1 %201, label %210, label %202 %203 = tail call i32 %200(%struct.neighbour.588877* nonnull %127) #69 %204 = icmp slt i32 %203, 0 br i1 %204, label %207, label %205 %206 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 br label %210 %211 = phi %struct.neigh_parms.589003* [ %206, %205 ], [ %198, %197 ] %212 = load volatile i64, i64* @jiffies, align 64 %213 = getelementptr %struct.neigh_parms.589003, %struct.neigh_parms.589003* %211, i64 0, i32 11, i64 5 %214 = load i32, i32* %213, align 4 %215 = shl i32 %214, 1 %216 = sext i32 %215 to i64 %217 = sub i64 %212, %216 %218 = getelementptr inbounds i8, i8* %123, i64 24 %219 = bitcast i8* %218 to i64* store i64 %217, i64* %219, align 8 %220 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 22 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %220) #69 %221 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 25 %222 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %223 = load volatile i32, i32* %8, align 4 %224 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %222, i64 0, i32 1 %225 = load i32, i32* %224, align 8 %226 = shl nuw i32 1, %225 %227 = icmp sgt i32 %223, %226 br i1 %227, label %228, label %281 %229 = add i32 %225, 1 %230 = load %struct.neigh_statistics*, %struct.neigh_statistics** %159, align 8 %231 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %230, i64 0, i32 2 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %231, i64* %231) #6, !srcloc !15 %232 = load %struct.neigh_hash_table.588873*, %struct.neigh_hash_table.588873** %221, align 8 %233 = tail call fastcc %struct.neigh_hash_table.588873* @neigh_hash_alloc(i32 %229) #69 %234 = icmp eq %struct.neigh_hash_table.588873* %233, null br i1 %234, label %281, label 
%235 %236 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 1 %237 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 0 %238 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %239 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 2, i64 0 %240 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 1 %241 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %233, i64 0, i32 0 br label %242 %243 = phi i32 [ 0, %235 ], [ %273, %272 ] %244 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %237, align 8 %245 = zext i32 %243 to i64 %246 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %244, i64 %245 %247 = load %struct.neighbour.588877*, %struct.neighbour.588877** %246, align 8 %248 = icmp eq %struct.neighbour.588877* %247, null br i1 %248, label %272, label %249 %250 = phi %struct.neighbour.588877* [ %260, %249 ], [ %247, %242 ] %251 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %238, align 8 %252 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 23, i64 0 %253 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 22 %254 = load %struct.net_device.589093*, %struct.net_device.589093** %253, align 8 %255 = tail call i32 %251(i8* %252, %struct.net_device.589093* %254, i32* %239) #69 %256 = load i32, i32* %240, align 8 %257 = sub i32 32, %256 %258 = lshr i32 %255, %257 %259 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %250, i64 0, i32 0 %260 = load %struct.neighbour.588877*, %struct.neighbour.588877** %259, align 8 %261 = load %struct.neighbour.588877**, 
%struct.neighbour.588877*** %241, align 8 %262 = zext i32 %258 to i64 %263 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %261, i64 %262 %264 = bitcast %struct.neighbour.588877** %263 to i64* %265 = load i64, i64* %264, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %266 = bitcast %struct.neighbour.588877* %250 to i64* store volatile i64 %265, i64* %266, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %267 = ptrtoint %struct.neighbour.588877* %250 to i64 %268 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %241, align 8 %269 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %268, i64 %262 %270 = bitcast %struct.neighbour.588877** %269 to i64* store volatile i64 %267, i64* %270, align 8 %271 = icmp eq %struct.neighbour.588877* %260, null br i1 %271, label %272, label %249 %273 = add i32 %243, 1 %274 = load i32, i32* %236, align 8 %275 = lshr i32 %273, %274 %276 = icmp eq i32 %275, 0 br i1 %276, label %242, label %277 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %278 = ptrtoint %struct.neigh_hash_table.588873* %233 to i64 %279 = bitcast %struct.neigh_hash_table.588873** %221 to i64* store volatile i64 %278, i64* %279, align 8 %280 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %232, i64 0, i32 3 tail call void @call_rcu_sched(%struct.callback_head* %280, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %281 %282 = phi %struct.neigh_hash_table.588873* [ %222, %210 ], [ %233, %277 ], [ %232, %228 ] %283 = getelementptr inbounds %struct.neigh_table.588874, %struct.neigh_table.588874* %0, i64 0, i32 4 %284 = load i32 (i8*, %struct.net_device.589093*, i32*)*, i32 (i8*, %struct.net_device.589093*, i32*)** %283, align 8 %285 = getelementptr inbounds %struct.neigh_hash_table.588873, 
%struct.neigh_hash_table.588873* %282, i64 0, i32 2, i64 0 %286 = tail call i32 %284(i8* %167, %struct.net_device.589093* %2, i32* %285) #69 %287 = load %struct.neigh_parms.589003*, %struct.neigh_parms.589003** %156, align 8 %288 = getelementptr inbounds %struct.neigh_parms.589003, %struct.neigh_parms.589003* %287, i64 0, i32 7 %289 = load i32, i32* %288, align 8 %290 = icmp eq i32 %289, 0 br i1 %290, label %291, label %332 %292 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 1 %293 = load i32, i32* %292, align 8 %294 = sub i32 32, %293 %295 = lshr i32 %286, %294 %296 = getelementptr inbounds %struct.neigh_hash_table.588873, %struct.neigh_hash_table.588873* %282, i64 0, i32 0 %297 = load %struct.neighbour.588877**, %struct.neighbour.588877*** %296, align 8 %298 = zext i32 %295 to i64 %299 = getelementptr %struct.neighbour.588877*, %struct.neighbour.588877** %297, i64 %298 %300 = load %struct.neighbour.588877*, %struct.neighbour.588877** %299, align 8 %301 = icmp eq %struct.neighbour.588877* %300, null br i1 %301, label %318, label %302 %303 = phi %struct.neighbour.588877* [ %316, %314 ], [ %300, %291 ] %304 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 22 %305 = load %struct.net_device.589093*, %struct.net_device.589093** %304, align 8 %306 = icmp eq %struct.net_device.589093* %305, %2 br i1 %306, label %307, label %314 %308 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %303, i64 0, i32 23, i64 0 %309 = tail call i32 @bcmp(i8* %308, i8* %167, i64 %168) ------------- Use: =BAD PATH= Call Stack: 0 neigh_update 1 ndisc_update 2 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.ndisc_options, align 8 %6 = bitcast %struct.netevent_redirect* %4 to i8* %7 = bitcast %struct.ndisc_options* %5 to i8* %8 = getelementptr inbounds %struct.sk_buff.684681, 
%struct.sk_buff.684681* %2, i64 0, i32 38 %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 36 %11 = load i32, i32* %10, align 8 %12 = zext i32 %11 to i64 %13 = getelementptr i8, i8* %9, i64 %12 %14 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 32 %15 = load i16, i16* %14, align 2 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %9, i64 %16 %18 = ptrtoint i8* %13 to i64 %19 = ptrtoint i8* %17 to i64 %20 = sub i64 %18, %19 %21 = trunc i64 %20 to i32 %22 = add i32 %21, -40 %23 = icmp slt i32 %22, 0 br i1 %23, label %162, label %24 %25 = getelementptr inbounds i8, i8* %17, i64 24 %26 = bitcast i8* %25 to %struct.in6_addr* %27 = bitcast i8* %25 to i32* %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 255 %30 = icmp eq i32 %29, 255 br i1 %30, label %162, label %31 %32 = getelementptr inbounds i8, i8* %17, i64 8 %33 = bitcast i8* %25 to i64* %34 = bitcast i8* %32 to i64* %35 = load i64, i64* %33, align 8 %36 = load i64, i64* %34, align 8 %37 = getelementptr i8, i8* %25, i64 8 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = getelementptr i8, i8* %32, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %35, %36 %44 = icmp eq i64 %39, %42 %45 = and i1 %43, %44 br i1 %45, label %51, label %46 %52 = phi i1 [ true, %46 ], [ false, %31 ] %53 = getelementptr inbounds %struct.sk_buff.684681, %struct.sk_buff.684681* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %54 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %55 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %54, i64 0, i32 68 %56 = bitcast %struct.inet6_dev.684771** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = inttoptr i64 %57 to %struct.inet6_dev.684771* %59 = icmp eq i64 %57, 0 br i1 %59, label %162, label %60 %61 = getelementptr inbounds %struct.inet6_dev.684771, 
%struct.inet6_dev.684771* %58, i64 0, i32 26, i32 0 %62 = load i32, i32* %61, align 8 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %162 %65 = getelementptr inbounds %struct.inet6_dev.684771, %struct.inet6_dev.684771* %58, i64 0, i32 26, i32 4 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %162, label %68 %69 = getelementptr inbounds i8, i8* %17, i64 40 %70 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.687103*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.684854*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.684854* %54, i8* %69, i32 %22, %struct.ndisc_options* nonnull %5) #69 %71 = icmp eq %struct.ndisc_options* %70, null br i1 %71, label %162, label %72 %73 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %5, i64 0, i32 0, i64 2 %74 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %73, align 8 %75 = icmp eq %struct.nd_opt_hdr* %74, null br i1 %75, label %98, label %76 %77 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %78 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %77, i64 0, i32 52 %79 = load i8, i8* %78, align 1 %80 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %77, i64 0, i32 45 %81 = load i16, i16* %80, align 4 %82 = icmp eq i16 %81, 32 %83 = select i1 %82, i32 2, i32 0 %84 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %74, i64 0, i32 1 %85 = load i8, i8* %84, align 1 %86 = zext i8 %85 to i32 %87 = shl nuw nsw i32 %86, 3 %88 = zext i8 %79 to i32 %89 = or i32 %83, 9 %90 = add nuw nsw i32 %89, %88 %91 = and i32 %90, 504 %92 = icmp ne i32 %87, %91 %93 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %74, i64 1, i32 0 %94 = zext i32 %83 to i64 %95 = getelementptr i8, i8* %93, i64 %94 %96 = icmp eq i8* %95, null %97 = or i1 %96, %92 br i1 %97, label %162, label %98 %99 = phi i8* [ 
%95, %76 ], [ null, %72 ] %100 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %101 = bitcast i64* %100 to i32* %102 = load i32, i32* %101, align 8 %103 = and i32 %102, 512 %104 = icmp eq i32 %103, 0 br i1 %104, label %105, label %162 %106 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %107 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %106, align 8 %108 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %107, i64 0, i32 15 %109 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %108, align 16 %110 = icmp eq void (%struct.dst_entry.684758*, i8*)* %109, null br i1 %110, label %118, label %111 %119 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %120 = call %struct.neighbour.684699* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*)* @neigh_lookup to %struct.neighbour.684699* (%struct.neigh_table.684695*, i8*, %struct.net_device.684854*)*)(%struct.neigh_table.684695* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i8* %32, %struct.net_device.684854* %119) #69 %121 = icmp eq %struct.neighbour.684699* %120, null br i1 %121, label %122, label %127 %123 = call %struct.neighbour.684699* bitcast (%struct.neighbour.588877* (%struct.neigh_table.588874*, i8*, %struct.net_device.589093*, i1)* @__neigh_create to 
%struct.neighbour.684699* (%struct.neigh_table.684695*, i8*, %struct.net_device.684854*, i1)*)(%struct.neigh_table.684695* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.687103*, i32*)*, i1 (%struct.neighbour.686694*, i8*)*, i32 (%struct.neighbour.686694*)*, i32 (%struct.pneigh_entry.686681*)*, void (%struct.pneigh_entry.686681*)*, void (%struct.sk_buff.687013*)*, i8*, %struct.neigh_parms.686682, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.686685, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.686690*, %struct.pneigh_entry.686681** }* @nd_tbl to %struct.neigh_table.684695*), i8* %32, %struct.net_device.684854* %119, i1 zeroext true) #69 %124 = icmp ugt %struct.neighbour.684699* %123, inttoptr (i64 -4096 to %struct.neighbour.684699*) %125 = icmp eq %struct.neighbour.684699* %123, null %126 = or i1 %124, %125 br i1 %126, label %162, label %127 %128 = phi %struct.neighbour.684699* [ %120, %118 ], [ %123, %122 ] %129 = load %struct.net_device.684854*, %struct.net_device.684854** %53, align 8 %130 = select i1 %52, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.687103*, %struct.neighbour.686694*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.684854*, %struct.neighbour.684699*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.684854* %129, %struct.neighbour.684699* nonnull %128, i8* %99, i8 zeroext 4, i32 %130, i8 zeroext -119, %struct.ndisc_options* nonnull %5) #69 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour.588877*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.686694*, i8*, i8, i32, i32)*)(%struct.neighbour.686694* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #69 Function:neigh_update %6 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* 
%6) #69 %7 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %0, i64 0, i32 22 %8 = load %struct.net_device.589093*, %struct.net_device.589093** %7, align 8 %9 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %0, i64 0, i32 13 %10 = load i8, i8* %9, align 1 %11 = icmp sgt i32 %3, -1 %12 = xor i1 %11, true %13 = icmp ult i8 %10, 64 %14 = or i1 %13, %12 br i1 %14, label %15, label %345 %16 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %0, i64 0, i32 15 %17 = load i8, i8* %16, align 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %19, label %345 br i1 %11, label %33, label %20 %34 = phi i32 [ 0, %19 ], [ 0, %20 ], [ 1, %28 ] %35 = zext i8 %2 to i32 %36 = and i32 %35, 222 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %71 %72 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %8, i64 0, i32 52 %73 = load i8, i8* %72, align 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %75, label %77 %78 = icmp eq i8* %1, null %79 = and i8 %10, -34 %80 = icmp eq i8 %79, 0 br i1 %78, label %88, label %81 br i1 %80, label %91, label %82 %83 = getelementptr inbounds %struct.neighbour.588877, %struct.neighbour.588877* %0, i64 0, i32 17, i64 0 %84 = zext i8 %73 to i64 %85 = tail call i32 @bcmp(i8* nonnull %1, i8* %83, i64 %84) ------------- Use: =BAD PATH= Call Stack: 0 __ip_options_echo 1 __icmp_send 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 39 %11 = bitcast i8** %10 to i64* 
%12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 7 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %63) #69 %65 = 
icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.631313*, %struct.net_device.631313** %78, align 8 %80 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.630923*, %struct.net.630923** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.630923* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.631221* %0, i32* null) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void bitcast (void (%struct.sk_buff.650904*, i32, i32, i32, %struct.ip_options*)* @__icmp_send to void (%struct.sk_buff.631221*, i32, i32, i32, %struct.ip_options*)*)(%struct.sk_buff.631221* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #69 Function:__icmp_send %6 = alloca %struct.flowi4, align 8 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.inetpeer_addr, align 4 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.650916*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.650916** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* 
%16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.650916* store %struct.rtable.650916* %19, %struct.rtable.650916** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %485, label %23 %24 = getelementptr inbounds %struct.rtable.650916, %struct.rtable.650916* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.650889*, %struct.net_device.650889** %24, align 8 %26 = icmp eq %struct.net_device.650889* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.650889*, %struct.net_device.650889** %28, align 8 %30 = icmp eq %struct.net_device.650889* %29, null br i1 %30, label %485, label %31 %32 = phi %struct.net_device.650889* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.650889, %struct.net_device.650889* %32, i64 0, i32 107, i32 0 %34 = load %struct.net.650799*, %struct.net.650799** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 38 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 33 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %485, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 36 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %485, label %49 %50 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 16 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 7 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %485 %55 = getelementptr 
inbounds %struct.rtable.650916, %struct.rtable.650916* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %485 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %485 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 39 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 7 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 8 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93 %94 = icmp eq %struct.sk_buff.650904* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.583201*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.650904*, i32, i8*, i32)*)(%struct.sk_buff.650904* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #69 %97 = icmp slt i32 %96, 0 br i1 %97, label %113, label %104 %105 = phi i8* [ %102, %98 ], [ %13, %95 ] %106 = load i8, i8* %105, align 1 %107 = icmp ugt i8 %106, 18 br i1 %107, label %113, label %108 %109 = zext i8 %106 to i64 %110 = lshr i64 516353, %109 %111 = and i64 %110, 1 %112 = icmp eq i64 %111, 0 br i1 
%112, label %113, label %114 br label %115 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %116 = getelementptr inbounds %struct.sk_buff.650904, %struct.sk_buff.650904* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %117 = load %struct.net_device.650889*, %struct.net_device.650889** %116, align 8 %118 = icmp eq %struct.net_device.650889* %117, null br i1 %118, label %126, label %119 %120 = getelementptr inbounds %struct.net_device.650889, %struct.net_device.650889* %117, i64 0, i32 34 %121 = load i32, i32* %120, align 8 %122 = and i32 %121, 8 %123 = icmp ne i32 %122, 0 %124 = icmp sgt i32 %1, 18 %125 = or i1 %124, %123 br i1 %125, label %177, label %128 %129 = icmp eq i32 %1, 3 %130 = icmp eq i32 %2, 4 %131 = and i1 %129, %130 br i1 %131, label %177, label %132 %133 = shl nuw nsw i32 1, %1 %134 = getelementptr inbounds %struct.net.650799, %struct.net.650799* %34, i64 0, i32 33, i32 33 %135 = load volatile i32, i32* %134, align 4 %136 = and i32 %135, %133 %137 = icmp eq i32 %136, 0 br i1 %137, label %177, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = trunc i64 %139 to i32 %141 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %142 = icmp eq i32 %141, 0 br i1 %142, label %143, label %147 %144 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %145 = sub i32 %140, %144 %146 = icmp ult i32 %145, 20 br i1 %146, label %484, label %147 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 0, i32 0, i32 0)) #69 %148 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* 
@icmp_global, i64 0, i32 2), align 4 %149 = sub i32 %140, %148 %150 = icmp ult i32 %149, 1000 %151 = select i1 %150, i32 %149, i32 1000 %152 = icmp ugt i32 %151, 19 br i1 %152, label %153, label %159 %154 = load volatile i32, i32* @sysctl_icmp_msgs_per_sec, align 4 %155 = mul i32 %154, %151 %156 = icmp ult i32 %155, 1000 br i1 %156, label %159, label %157 %158 = udiv i32 %155, 1000 store volatile i32 %140, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 br label %159 %160 = phi i32 [ %158, %157 ], [ 0, %153 ], [ 0, %147 ] %161 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %162 = add i32 %161, %160 %163 = load volatile i32, i32* @sysctl_icmp_msgs_burst, align 4 %164 = icmp ult i32 %162, %163 %165 = select i1 %164, i32 %162, i32 %163 %166 = icmp eq i32 %165, 0 br i1 %166, label %176, label %167 %168 = call i32 @prandom_u32() #69 %169 = zext i32 %168 to i64 %170 = mul nuw nsw i64 %169, 3 %171 = lshr i64 %170, 32 %172 = trunc i64 %171 to i32 %173 = sub i32 %165, %172 %174 = icmp sgt i32 %173, 0 %175 = select i1 %174, i32 %173, i32 0 store volatile i32 %175, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.intel_pipe_crc* @icmp_global to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %177 %178 = getelementptr inbounds %struct.net.650799, %struct.net.650799* %34, i64 0, i32 33, i32 18 %179 = load %struct.sock.650702**, %struct.sock.650702*** %178, align 32 %180 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.sock.650702** %179) #6, !srcloc !8 %181 = inttoptr i64 %180 to %struct.sock.650702** %182 = load 
%struct.sock.650702*, %struct.sock.650702** %181, align 8 %183 = getelementptr inbounds %struct.sock.650702, %struct.sock.650702* %182, i64 0, i32 1, i32 0, i32 0, i32 0 %184 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %183) #69 %185 = icmp eq i32 %184, 0 %186 = icmp eq %struct.sock.650702* %182, null %187 = or i1 %186, %185 br i1 %187, label %484, label %188 %189 = getelementptr inbounds i8, i8* %40, i64 16 %190 = bitcast i8* %189 to i32* %191 = load i32, i32* %190, align 4 %192 = load %struct.rtable.650916*, %struct.rtable.650916** %10, align 8 %193 = getelementptr inbounds %struct.rtable.650916, %struct.rtable.650916* %192, i64 0, i32 2 %194 = load i32, i32* %193, align 4 %195 = icmp sgt i32 %194, -1 br i1 %195, label %196, label %225 %226 = phi i32 [ %191, %188 ], [ %224, %223 ] %227 = getelementptr inbounds i8, i8* %40, i64 1 %228 = load i8, i8* %227, align 1 %229 = and i8 %228, 30 %230 = or i8 %229, -64 %231 = select i1 %69, i8 %230, i8 %228 %232 = getelementptr inbounds %struct.net.650799, %struct.net.650799* %34, i64 0, i32 33, i32 47 %233 = load volatile i32, i32* %232, align 4 %234 = icmp eq i32 %233, 0 br i1 %234, label %238, label %235 %239 = phi i32 [ %237, %235 ], [ 0, %225 ] %240 = getelementptr inbounds %struct.icmp_bxm, %struct.icmp_bxm* %9, i64 0, i32 5, i32 0, i32 1 %241 = call i32 bitcast (i32 (%struct.net.630923*, %struct.ip_options*, %struct.sk_buff.631221*, %struct.ip_options*)* @__ip_options_echo to i32 (%struct.net.650799*, %struct.ip_options*, %struct.sk_buff.650904*, %struct.ip_options*)*)(%struct.net.650799* %34, %struct.ip_options* %240, %struct.sk_buff.650904* %0, %struct.ip_options* %4) #69 Function:__ip_options_echo %5 = bitcast %struct.ip_options* %1 to i8* %6 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 2 %7 = load i8, i8* %6, align 4 %8 = icmp eq i8 %7, 0 br i1 %8, label %251, label %9 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 38 %11 = 
load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 33 %13 = load i16, i16* %12, align 4 %14 = zext i16 %13 to i64 %15 = getelementptr i8, i8* %11, i64 %14 %16 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 %17 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 4 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 0 br i1 %19, label %54, label %20 %55 = phi i8 [ %53, %51 ], [ 20, %9 ] %56 = phi i8* [ %52, %51 ], [ %16, %9 ] %57 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 5 %58 = load i8, i8* %57, align 1 %59 = icmp eq i8 %58, 0 br i1 %59, label %135, label %60 %136 = phi i8* [ %132, %131 ], [ %56, %54 ] %137 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 3 %138 = load i8, i8* %137, align 1 %139 = icmp eq i8 %138, 0 br i1 %139, label %214, label %140 %141 = zext i8 %138 to i64 %142 = getelementptr i8, i8* %15, i64 %141 %143 = getelementptr i8, i8* %142, i64 1 %144 = load i8, i8* %143, align 1 %145 = getelementptr i8, i8* %142, i64 2 %146 = load i8, i8* %145, align 1 %147 = zext i8 %146 to i32 %148 = icmp ugt i8 %146, %144 %149 = zext i8 %144 to i32 %150 = add nuw nsw i32 %149, 1 %151 = select i1 %148, i32 %150, i32 %147 %152 = icmp ugt i32 %151, 7 br i1 %152, label %153, label %214 %154 = add nsw i32 %151, -5 %155 = zext i32 %154 to i64 %156 = getelementptr i8, i8* %142, i64 %155 %157 = bitcast i8* %156 to i32* %158 = load i32, i32* %157, align 1 %159 = add nsw i32 %151, -8 %160 = icmp ugt i32 %151, 11 br i1 %160, label %161, label %177 %162 = phi i64 [ %173, %161 ], [ 4, %153 ] %163 = phi i32 [ %172, %161 ], [ %159, %153 ] %164 = add nsw i64 %162, -1 %165 = getelementptr i8, i8* %136, i64 %164 %166 = add nsw i32 %163, -1 %167 = zext i32 %166 to i64 %168 = getelementptr i8, i8* %142, i64 %167 %169 = bitcast i8* %168 to i32* %170 = bitcast i8* %165 to i32* 
%171 = load i32, i32* %169, align 1 store i32 %171, i32* %170, align 1 %172 = add nsw i32 %163, -4 %173 = add nuw nsw i64 %162, 4 %174 = icmp sgt i32 %163, 7 br i1 %174, label %161, label %175 %176 = trunc i64 %173 to i32 br label %177 %178 = phi i32 [ %159, %153 ], [ %172, %175 ] %179 = phi i32 [ 4, %153 ], [ %176, %175 ] %180 = load i8*, i8** %10, align 8 %181 = load i16, i16* %12, align 4 %182 = zext i16 %181 to i64 %183 = getelementptr i8, i8* %180, i64 %182 %184 = getelementptr inbounds i8, i8* %183, i64 12 %185 = add nsw i32 %178, 3 %186 = zext i32 %185 to i64 %187 = getelementptr i8, i8* %142, i64 %186 %188 = tail call i32 @bcmp(i8* dereferenceable(4) %184, i8* dereferenceable(4) %187, i64 4) ------------- Good: 1019 Bad: 96 Ignored: 1388 Check Use of Function:dev_ifsioc Check Use of Function:unregister_netdevice_queue Check Use of Function:sg_scsi_ioctl Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = inttoptr i64 %2 to i8* %7 = inttoptr i64 %2 to i32* %8 = bitcast %struct.sg_request** %4 to i8* %9 = getelementptr inbounds %struct.file.473586, %struct.file.473586* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.sg_fd** %11 = load %struct.sg_fd*, %struct.sg_fd** %10, align 8 %12 = icmp eq %struct.sg_fd* %11, null br i1 %12, label %656, label %13 %14 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %11, i64 0, i32 1 %15 = load %struct.sg_device*, %struct.sg_device** %14, align 8 %16 = icmp eq %struct.sg_device* %15, null br i1 %16, label %656, label %17 %18 = getelementptr inbounds %struct.file.473586, %struct.file.473586* %0, i64 0, i32 7 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 3 %21 = icmp ne i32 %20, 2 %22 = zext i1 %21 to i32 switch i32 %1, label %642 [ i32 8837, label %23 i32 8705, label %95 i32 8706, label %120 i32 8825, label %656 i32 8826, label %124 i32 8822, label %136 i32 8827, label %202 i32 8828, label 
%219 i32 8829, label %259 i32 8831, label %293 i32 8821, label %298 i32 8818, label %376 i32 8817, label %392 i32 8816, label %409 i32 8839, label %415 i32 8840, label %430 i32 8835, label %436 i32 8834, label %456 i32 8841, label %459 i32 8838, label %466 i32 8707, label %545 i32 1, label %563 i32 8830, label %577 i32 4711, label %592 i32 -1069018509, label %604 i32 4724, label %617 i32 4725, label %624 i32 4726, label %631 i32 21378, label %638 i32 21382, label %638 i32 21381, label %638 i32 8709, label %638 i32 8836, label %638 ] %564 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %15, i64 0, i32 7, i32 0 %565 = load volatile i32, i32* %564, align 4 %566 = icmp eq i32 %565, 0 br i1 %566, label %567, label %656 %568 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %15, i64 0, i32 0 %569 = load %struct.scsi_device.473633*, %struct.scsi_device.473633** %568, align 8 %570 = getelementptr inbounds %struct.scsi_device.473633, %struct.scsi_device.473633* %569, i64 0, i32 1 %571 = load %struct.request_queue.473470*, %struct.request_queue.473470** %570, align 8 %572 = getelementptr inbounds %struct.file.473586, %struct.file.473586* %0, i64 0, i32 8 %573 = load i32, i32* %572, align 4 %574 = inttoptr i64 %2 to %struct.file_handle* %575 = tail call i32 bitcast (i32 (%struct.request_queue.263645*, %struct.gendisk.263649*, i32, %struct.file_handle*)* @sg_scsi_ioctl to i32 (%struct.request_queue.473470*, %struct.gendisk.473478*, i32, %struct.file_handle*)*)(%struct.request_queue.473470* %571, %struct.gendisk.473478* null, i32 %573, %struct.file_handle* %574) #69 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:pci_config_pm_runtime_get Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file.1620, %struct.file.1620* %0, i64 0, i32 2 %6 = load %struct.inode.1699*, %struct.inode.1699** %5, align 8 %7 = tail call i8* bitcast (i8* (%struct.inode.146664*)* 
@PDE_DATA to i8* (%struct.inode.1699*)*)(%struct.inode.1699* %6) #69 %8 = bitcast i8* %7 to %struct.pci_dev.276845* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 904 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, %10 br i1 %14, label %15, label %118 %16 = sext i32 %13 to i64 %17 = icmp ugt i64 %16, %2 %18 = select i1 %17, i64 %2, i64 %16 %19 = shl i64 %9, 32 %20 = ashr exact i64 %19, 32 %21 = add i64 %18, %20 %22 = icmp ugt i64 %21, %16 %23 = sub i32 %13, %10 %24 = sext i32 %23 to i64 %25 = select i1 %22, i64 %24, i64 %18 %26 = trunc i64 %25 to i32 %27 = shl i64 %25, 32 %28 = ashr exact i64 %27, 32 %29 = tail call %struct.task_struct.1872* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.1872** nonnull @current_task) #10, !srcloc !4 %30 = getelementptr inbounds %struct.task_struct.1872, %struct.task_struct.1872* %29, i64 0, i32 161, i32 17, i32 0 %31 = load i64, i64* %30, align 8 %32 = ptrtoint i8* %1 to i64 %33 = add i64 %28, %32 %34 = icmp ult i64 %33, %28 %35 = icmp ugt i64 %33, %31 %36 = or i1 %34, %35 br i1 %36, label %118, label %37, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.272149*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.276845*)*)(%struct.pci_dev.276845* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -1, i32 5 %8 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 -21 %9 = bitcast %struct.kernfs_node** %8 to %struct.pci_dev.272149* %10 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 92 %11 = bitcast %struct.kernfs_node** %10 to i32* %12 = load i32, i32* %11, align 8 %13 = sext i32 %12 to i64 %14 = icmp slt i64 %13, %4 br i1 %14, label %119, label %15 %16 = trunc i64 %5 to i32 %17 = add i64 %5, %4 %18 = icmp ugt i64 %17, %13 
%19 = trunc i64 %4 to i32 %20 = sub i32 %12, %19 %21 = zext i32 %20 to i64 %22 = select i1 %18, i32 %20, i32 %16 %23 = select i1 %18, i64 %21, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.272149* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -1, i32 5 %8 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 -21 %9 = bitcast %struct.kernfs_node** %8 to %struct.pci_dev.272149* %10 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 92 %11 = bitcast %struct.kernfs_node** %10 to i32* %12 = load i32, i32* %11, align 8 %13 = sext i32 %12 to i64 %14 = icmp slt i64 %13, %4 br i1 %14, label %119, label %15 %16 = trunc i64 %5 to i32 %17 = add i64 %5, %4 %18 = icmp ugt i64 %17, %13 %19 = trunc i64 %4 to i32 %20 = sub i32 %12, %19 %21 = zext i32 %20 to i64 %22 = select i1 %18, i32 %20, i32 %16 %23 = select i1 %18, i64 %21, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.272149* %9) #69 ------------- Good: 2 Bad: 3 Ignored: 3 Check Use of Function:scsi_run_host_queues Check Use of Function:fifo_init Check Use of Function:mtrr_file_add Check Use of Function:proc_tid_base_lookup Check Use of Function:security_inode_rename Check Use of Function:down_read_killable Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca %struct.mmu_gather.146390, align 8 %7 = alloca i32, align 4 %8 = alloca %struct.kuid_t, align 4 %9 = alloca %struct.mm_walk.146388, align 8 %10 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %11 = bitcast %struct.mmu_gather.146390* %6 to i8* %12 = bitcast i32* %7 to i8* %13 = icmp ult i64 %2, 12 %14 = select i1 %13, i64 %2, i64 12 %15 = call i64 @_copy_from_user(i8* nonnull %10, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %111 %18 = call i8* 
@strim(i8* nonnull %10) #69 %19 = call i32 @kstrtoint(i8* %18, i32 10, i32* nonnull %7) #69 %20 = icmp slt i32 %19, 0 br i1 %20, label %21, label %23 %24 = load i32, i32* %7, align 4 %25 = add i32 %24, -1 %26 = icmp ugt i32 %25, 4 br i1 %26, label %111, label %27 %28 = getelementptr inbounds %struct.file.146376, %struct.file.146376* %0, i64 0, i32 2 %29 = load %struct.inode.146364*, %struct.inode.146364** %28, align 8 %30 = getelementptr %struct.inode.146364, %struct.inode.146364* %29, i64 -1, i32 40, i32 12, i32 1 %31 = bitcast %struct.list_head** %30 to %struct.pid.146206** %32 = load %struct.pid.146206*, %struct.pid.146206** %31, align 8 %33 = call %struct.task_struct.146315* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.146315* (%struct.pid.146206*, i32)*)(%struct.pid.146206* %32, i32 0) #69 %34 = icmp eq %struct.task_struct.146315* %33, null br i1 %34, label %111, label %35 %36 = call %struct.mm_struct.146199* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*)* @get_task_mm to %struct.mm_struct.146199* (%struct.task_struct.146315*)*)(%struct.task_struct.146315* nonnull %33) #69 %37 = icmp eq %struct.mm_struct.146199* %36, null br i1 %37, label %104, label %38 %39 = bitcast %struct.kuid_t* %8 to i8* %40 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 0, i32 0 store i32 %24, i32* %40, align 4 %41 = bitcast %struct.mm_walk.146388* %9 to i8* %42 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.146388*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.146388*)** %42, align 8 %43 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.146388*)* @clear_refs_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.146388*)** %43, align 8 %44 = getelementptr inbounds %struct.mm_walk.146388, 
%struct.mm_walk.146388* %9, i64 0, i32 2 %45 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 5 %46 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.146388*)** %44 to i8* store i32 (i64, i64, %struct.mm_walk.146388*)* @clear_refs_test_walk, i32 (i64, i64, %struct.mm_walk.146388*)** %45, align 8 %47 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 6 store %struct.mm_struct.146199* %36, %struct.mm_struct.146199** %47, align 8 %48 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 7 store %struct.vm_area_struct.146111* null, %struct.vm_area_struct.146111** %48, align 8 %49 = getelementptr inbounds %struct.mm_walk.146388, %struct.mm_walk.146388* %9, i64 0, i32 8 %50 = bitcast i8** %49 to %struct.kuid_t** store %struct.kuid_t* %8, %struct.kuid_t** %50, align 8 %51 = icmp eq i32 %24, 5 %52 = getelementptr inbounds %struct.mm_struct.146199, %struct.mm_struct.146199* %36, i64 0, i32 0, i32 16 br i1 %51, label %53, label %72 %73 = call i32 bitcast (i32 (%struct.rw_semaphore.1574*)* @down_read_killable to i32 (%struct.rw_semaphore.146316*)*)(%struct.rw_semaphore.146316* %52) #69 ------------- Good: 15 Bad: 1 Ignored: 34 Check Use of Function:bad_inode_create Check Use of Function:destroy_local_trace_uprobe Check Use of Function:populate_vma_page_range Check Use of Function:fat_trim_fs Check Use of Function:uart_change_speed Check Use of Function:pci_user_read_config_dword Check Use of Function:security_msg_queue_msgrcv Check Use of Function:find_get_context Check Use of Function:inet6_addr_del Check Use of Function:md_rdev_clear Check Use of Function:kernel_sigaction Check Use of Function:__ip_tunnel_create Check Use of Function:ip6_datagram_release_cb Check Use of Function:check_for_audio_disc Check Use of Function:wbinvd_on_cpu Check Use of Function:security_inode_rmdir Check Use of Function:nfs_swap_activate Check Use of Function:ipc_rcu_getref Use: 
=BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = 
phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, 
i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 
0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, 
label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr 
%struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = 
icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, 
i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* 
@ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_compat_sys_semtimedop ------------- Path:  Function:__ia32_compat_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] 
%59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to 
i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], 
[ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %30 = and i64 %17, 4294967295 %31 = inttoptr i64 %15 to %struct.orc_entry* %32 = inttoptr i64 %30 to %struct.util_est* %33 = tail call i64 @compat_ksys_semtimedop(i32 %19, %struct.orc_entry* %31, i32 %20, %struct.util_est* %32) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.48, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.48* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, 
label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, 
i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds 
%struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, 
i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 
] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds 
i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 
br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call 
fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 
%45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x 
%struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ 
%131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 ------------- Good: 4 Bad: 10 Ignored: 6 Check Use of Function:pci_disable_device Check Use of Function:xt_compat_target_offset Check Use of Function:mmc_ioctl_cdrom_volume Check Use of Function:proc_sys_lookup Check Use of Function:ipc_update_perm Check Use of Function:md_import_device Check Use of 
Function:shmem_rmdir Check Use of Function:proc_alloc_inum Check Use of Function:to_compat_ipc_perm Check Use of Function:fl_release Check Use of Function:__netif_set_xps_queue Check Use of Function:filemap_write_and_wait Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #69 %6 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 8 %21 = load %struct.file.725*, %struct.file.725** %20, align 8 %22 = getelementptr inbounds %struct.file.725, %struct.file.725* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.197135** %24 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %23, align 8 %25 = icmp eq %struct.nfs_open_context.197135* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %24, i64 0, i32 3 %28 = load %struct.rpc_cred*, %struct.rpc_cred** %27, align 8 br label %29 %30 = phi %struct.rpc_cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.197135* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode.733* %5, %struct.rpc_cred* %30, 
%struct.nfs_fattr* %1, %struct.iattr.726* %2, %struct.nfs_open_context.197135* %31, %struct.nfs4_label* null) #70 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %12 = load %struct.super_block.720*, %struct.super_block.720** %11, align 8 %13 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.nfs_server.197100** %15 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %14, align 64 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.197135* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.197134* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr.726* %3, %struct.iattr.726** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, 
%struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.197134* %22, %struct.nfs4_state.197134** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode.733* %0, %struct.inode.733** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 33, i64 0 %45 = bitcast i32* %44 to i8* %46 = icmp eq %struct.inode.733* %0, null %47 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %48 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %47, i64 9, i32 1 %49 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %3, i64 0, i32 0 %50 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 0 %51 = icmp eq %struct.nfs4_state.197134* %22, null %52 = getelementptr inbounds 
%struct.nfs4_state.197134, %struct.nfs4_state.197134* %22, i64 0, i32 13 br label %53 br i1 %46, label %73, label %54 %74 = call fastcc i32 @_nfs4_do_setattr(%struct.inode.733* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.rpc_cred* %1, %struct.nfs_open_context.197135* %4) #70 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.rpc_cred*, align 8 %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %12 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.nfs_server.197100** %14 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %13, align 64 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* %3, %struct.rpc_cred** %21, align 8 %22 = bitcast %struct.rpc_cred** %9 to i8* store %struct.rpc_cred* null, %struct.rpc_cred** %9, align 8 %23 = load volatile i64, 
i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr.726*, %struct.iattr.726** %26, align 8 %28 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode.733* %0) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %3 = tail call i32 @nfs_wb_all(%struct.inode.733* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* 
%0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.197122** %6 = load %struct.nfs_renameargs.197122*, %struct.nfs_renameargs.197122** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.197123** %9 = load %struct.nfs_renameres.197123*, %struct.nfs_renameres.197123** %8, align 8 %10 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %11 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %12 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %2, i64 0, i32 5 %13 = load %struct.inode.733*, %struct.inode.733** %12, align 8 %14 = icmp eq %struct.inode.733* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode.733* nonnull %11) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %3 = tail call i32 @nfs_wb_all(%struct.inode.733* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 
nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %6 = load %struct.inode.733*, %struct.inode.733** %5, align 8 %7 = icmp eq %struct.inode.733* %6, null br i1 %7, label %16, label %8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %6, i64 0, i32 12, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %14 %15 = tail call i32 @nfs4_inode_make_writeable(%struct.inode.733* nonnull %6) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %3 = tail call i32 @nfs_wb_all(%struct.inode.733* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, 
i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.197118** %6 = load %struct.nfs_removeargs.197118*, %struct.nfs_removeargs.197118** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.197120** %9 = load %struct.nfs_removeres.197120*, %struct.nfs_removeres.197120** %8, align 8 %10 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 9 %11 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %12 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %11, i64 0, i32 30 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 64 %15 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.197100** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, 
%struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = icmp eq %struct.inode.733* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode.733* nonnull %2) #69 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %3 = tail call i32 @nfs_wb_all(%struct.inode.733* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_setattr ------------- Path:  Function:nfs_setattr %3 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %0, i64 0, i32 5 %4 = load %struct.inode.180634*, %struct.inode.180634** %3, align 8 %5 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 8 %6 = load %struct.super_block.180619*, %struct.super_block.180619** %5, align 8 %7 = getelementptr inbounds %struct.super_block.180619, %struct.super_block.180619* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.180779** %9 = load %struct.nfs_server.180779*, 
%struct.nfs_server.180779** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.180779, %struct.nfs_server.180779* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 13 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.iattr.180625, %struct.iattr.180625* %1, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 6144 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = phi i32 [ %14, %2 ], [ %18, %17 ] %21 = and i32 %20, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %42, label %23 %24 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %29, label %28, !prof !5, !misexpect !6 %30 = getelementptr inbounds %struct.iattr.180625, %struct.iattr.180625* %1, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = tail call i32 bitcast (i32 (%struct.inode.126756*, i64)* @inode_newsize_ok to i32 (%struct.inode.180634*, i64)*)(%struct.inode.180634* %4, i64 %31) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %140 %35 = load i64, i64* %30, align 8 %36 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 14 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %35, %37 %39 = load i32, i32* %13, align 8 br i1 %38, label %40, label %42 %43 = phi i32 [ %20, %19 ], [ %41, %40 ], [ %39, %34 ] %44 = and i32 %43, 41407 store i32 %44, i32* %13, align 8 %45 = and i32 %43, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %140, label %47 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* 
getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_setattr, %48)) #6 to label %70 [label %48], !srcloc !9 %71 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 0 %72 = load i16, i16* %71, align 8 %73 = and i16 %72, -4096 %74 = icmp eq i16 %73, -32768 br i1 %74, label %75, label %77 tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %4) #69 %76 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %4) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_setattr 2 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %3 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %4 = load %struct.inode.733*, 
%struct.inode.733** %3, align 8 %5 = getelementptr %struct.inode.733, %struct.inode.733* %4, i64 -1, i32 16, i32 1 %6 = bitcast i64* %5 to i16* %7 = load i16, i16* %6, align 2 %8 = icmp eq i16 %7, 0 br i1 %8, label %11, label %9 %10 = tail call i32 bitcast (i32 (%struct.dentry.180623*, %struct.iattr.180625*)* @nfs_setattr to i32 (%struct.dentry.734*, %struct.iattr.726*)*)(%struct.dentry.734* %0, %struct.iattr.726* %1) #69 Function:nfs_setattr %3 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %0, i64 0, i32 5 %4 = load %struct.inode.180634*, %struct.inode.180634** %3, align 8 %5 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 8 %6 = load %struct.super_block.180619*, %struct.super_block.180619** %5, align 8 %7 = getelementptr inbounds %struct.super_block.180619, %struct.super_block.180619* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.180779** %9 = load %struct.nfs_server.180779*, %struct.nfs_server.180779** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.180779, %struct.nfs_server.180779* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 13 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.iattr.180625, %struct.iattr.180625* %1, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 6144 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = phi i32 [ %14, %2 ], [ %18, %17 ] %21 = and i32 %20, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %42, label %23 %24 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %29, label %28, !prof !5, !misexpect !6 %30 = getelementptr inbounds %struct.iattr.180625, 
%struct.iattr.180625* %1, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = tail call i32 bitcast (i32 (%struct.inode.126756*, i64)* @inode_newsize_ok to i32 (%struct.inode.180634*, i64)*)(%struct.inode.180634* %4, i64 %31) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %140 %35 = load i64, i64* %30, align 8 %36 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 14 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %35, %37 %39 = load i32, i32* %13, align 8 br i1 %38, label %40, label %42 %43 = phi i32 [ %20, %19 ], [ %41, %40 ], [ %39, %34 ] %44 = and i32 %43, 41407 store i32 %44, i32* %13, align 8 %45 = and i32 %43, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %140, label %47 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_setattr, %48)) #6 to label %70 [label %48], !srcloc !9 %71 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %4, i64 0, i32 0 %72 = load i16, i16* %71, align 8 %73 = and i16 %72, -4096 %74 = icmp eq i16 %73, -32768 br i1 %74, label %75, label %77 tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %4) #69 %76 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %4) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 
(%struct.inode.733*)*)(%struct.inode.733* %5) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), 
i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %5) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load 
%struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %5) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds 
%struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* 
%3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %63 = phi %struct.inode.733* [ %9, %36 ], [ %9, %46 ], [ null, %34 ], [ null, %59 ] %64 = phi %struct.dentry.734* [ null, %36 ], [ null, %46 ], [ null, %34 ], [ %57, %59 ] %65 = phi %struct.dentry.734* [ null, %36 ], [ %47, %46 ], [ null, %34 ], [ null, %59 ] %66 = phi %struct.dentry.734* [ %3, %36 ], [ %3, %46 ], [ %3, %34 ], [ %57, %59 ] %67 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %7, i64 0, i32 0 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, -4096 %70 = icmp eq i16 %69, -32768 br i1 %70, label %71, label %73 %72 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %7) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 
(%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to 
label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %63 = phi %struct.inode.733* [ %9, %36 ], [ %9, %46 ], [ null, %34 ], [ null, %59 ] %64 = phi %struct.dentry.734* [ null, %36 ], [ null, %46 ], [ null, %34 ], [ %57, %59 ] %65 = phi %struct.dentry.734* [ null, %36 ], [ %47, %46 ], 
[ null, %34 ], [ null, %59 ] %66 = phi %struct.dentry.734* [ %3, %36 ], [ %3, %46 ], [ %3, %34 ], [ %57, %59 ] %67 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %7, i64 0, i32 0 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, -4096 %70 = icmp eq i16 %69, -32768 br i1 %70, label %71, label %73 %72 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %7) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs_sync_inode 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, 
%struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, 
%struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %63 = phi %struct.inode.733* [ %9, %36 ], [ %9, %46 ], [ null, %34 ], [ null, %59 ] %64 = phi %struct.dentry.734* [ null, %36 ], [ null, %46 ], [ null, %34 ], [ %57, %59 ] %65 = phi %struct.dentry.734* [ null, %36 ], [ %47, %46 ], [ null, %34 ], [ null, %59 ] %66 = phi %struct.dentry.734* [ %3, %36 ], [ %3, %46 ], [ %3, %34 ], [ %57, %59 ] %67 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %7, i64 0, i32 0 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, -4096 %70 = icmp eq i16 %69, -32768 br i1 %70, label %71, label %73 %72 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %7) #69 Function:nfs_sync_inode tail call void bitcast (void (%struct.inode.126536*)* @inode_dio_wait to void (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 %2 = tail call i32 bitcast (i32 (%struct.inode.733*)* @nfs_wb_all to i32 (%struct.inode.180634*)*)(%struct.inode.180634* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 
to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 9 %26 = load %struct.address_space.692*, %struct.address_space.692** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.692*)*)(%struct.address_space.692* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %5 = getelementptr inbounds %struct.path.180038, %struct.path.180038* %0, i64 0, i32 1 %6 = load %struct.dentry.180623*, %struct.dentry.180623** %5, align 8 %7 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %6, i64 0, i32 5 %8 = load %struct.inode.180634*, %struct.inode.180634** %7, align 8 %9 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 8 %10 = load %struct.super_block.180619*, %struct.super_block.180619** %9, align 8 %11 = getelementptr inbounds %struct.super_block.180619, %struct.super_block.180619* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.180779** %13 = load %struct.nfs_server.180779*, %struct.nfs_server.180779** %12, align 64 %14 = and i32 %3, 8192 %15 = icmp eq i32 %14, 0 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_getattr, %16)) #6 to label %38 [label %16], !srcloc !4 %39 = and i32 %3, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %15, true %42 = or i1 %40, %41 br i1 %42, label %43, label %184 %44 = and i32 %2, 192 %45 = icmp eq i32 %44, 0 br i1 %45, label 
%55, label %46 %47 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 0 %48 = load i16, i16* %47, align 8 %49 = and i16 %48, -4096 %50 = icmp eq i16 %49, -32768 br i1 %50, label %51, label %55 %52 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 9 %53 = load %struct.address_space.180635*, %struct.address_space.180635** %52, align 8 %54 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.180635*)*)(%struct.address_space.180635* %53) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %5 = getelementptr inbounds %struct.path.722, %struct.path.722* %0, i64 0, i32 1 %6 = load %struct.dentry.734*, %struct.dentry.734** %5, align 8 %7 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %6, i64 0, i32 5 %8 = load %struct.inode.733*, %struct.inode.733** %7, align 8 %9 = getelementptr %struct.inode.733, %struct.inode.733* %8, i64 -1, i32 16, i32 1 %10 = bitcast i64* %9 to i16* %11 = load i16, i16* %10, align 2 %12 = icmp eq i16 %11, 0 br i1 %12, label %15, label %13 %14 = tail call i32 bitcast (i32 (%struct.path.180038*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.path.722*, %struct.kstat*, i32, i32)*)(%struct.path.722* %0, %struct.kstat* %1, i32 %2, i32 %3) #69 Function:nfs_getattr %5 = getelementptr inbounds %struct.path.180038, %struct.path.180038* %0, i64 0, i32 1 %6 = load %struct.dentry.180623*, %struct.dentry.180623** %5, align 8 %7 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %6, i64 0, i32 5 %8 = load %struct.inode.180634*, %struct.inode.180634** %7, align 8 %9 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 8 %10 = load %struct.super_block.180619*, %struct.super_block.180619** %9, align 8 %11 = getelementptr inbounds %struct.super_block.180619, 
%struct.super_block.180619* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.180779** %13 = load %struct.nfs_server.180779*, %struct.nfs_server.180779** %12, align 64 %14 = and i32 %3, 8192 %15 = icmp eq i32 %14, 0 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_getattr, %16)) #6 to label %38 [label %16], !srcloc !4 %39 = and i32 %3, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %15, true %42 = or i1 %40, %41 br i1 %42, label %43, label %184 %44 = and i32 %2, 192 %45 = icmp eq i32 %44, 0 br i1 %45, label %55, label %46 %47 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 0 %48 = load i16, i16* %47, align 8 %49 = and i16 %48, -4096 %50 = icmp eq i16 %49, -32768 br i1 %50, label %51, label %55 %52 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %8, i64 0, i32 9 %53 = load %struct.address_space.180635*, %struct.address_space.180635** %52, align 8 %54 = tail call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.180635*)*)(%struct.address_space.180635* %53) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __ia32_sys_ioctl ------------- Path:  Function:__ia32_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = 
load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.124588* %14 = icmp eq i64 %12, 0 br i1 %14, label %25, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %20 %19 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 8 %116 = load %struct.super_block.124737*, %struct.super_block.124737** %115, align 8 %117 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 7 %118 = load %struct.inode_operations.124746*, %struct.inode_operations.124746** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.124746, %struct.inode_operations.124746* %118, i64 0, i32 16 %120 = load i32 (%struct.inode.124752*, 
%struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 %128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.124737, %struct.super_block.124737* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 br i1 %153, label %165, label 
%154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.124861* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.124861** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.124861**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.124861, %struct.task_struct.124861* %157, i64 0, i32 161, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* %151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 9 %170 = load %struct.address_space.124755*, %struct.address_space.124755** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.124755*)*)(%struct.address_space.124755* %170) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __x64_sys_ioctl ------------- Path:  Function:__x64_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = tail call i64 @__fdget(i32 %8) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.124588* %13 = icmp eq i64 %11, 0 br i1 %13, label %24, label %14 %15 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %12, i32 %9, i64 %7) #69 %16 = icmp eq i32 %15, 
0 br i1 %16, label %17, label %19 %18 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %12, i32 %8, i32 %9, i64 %7) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 8 %116 = load %struct.super_block.124737*, %struct.super_block.124737** %115, align 8 %117 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 7 %118 = load %struct.inode_operations.124746*, %struct.inode_operations.124746** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.124746, %struct.inode_operations.124746* %118, i64 0, i32 16 %120 = load i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 
%128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.124737, %struct.super_block.124737* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 br i1 %153, label %165, label %154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.124861* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.124861** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.124861**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.124861, %struct.task_struct.124861* %157, i64 0, i32 161, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* 
%151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 9 %170 = load %struct.address_space.124755*, %struct.address_space.124755** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.124755*)*)(%struct.address_space.124755* %170) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, 
%struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 
%175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %1207 = tail call i32 bitcast (i32 (%struct.file.124588*, i32, i32, i64)* @do_vfs_ioctl to i32 (%struct.file.140166*, i32, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 8 %116 = load %struct.super_block.124737*, %struct.super_block.124737** %115, align 8 %117 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 7 %118 = load %struct.inode_operations.124746*, %struct.inode_operations.124746** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.124746, %struct.inode_operations.124746* %118, i64 0, i32 16 %120 = 
load i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.124752*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 %128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.124737, %struct.super_block.124737* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 
br i1 %153, label %165, label %154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.124861* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.124861** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.124861**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.124861, %struct.task_struct.124861* %157, i64 0, i32 161, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* %151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.124752, %struct.inode.124752* %12, i64 0, i32 9 %170 = load %struct.address_space.124755*, %struct.address_space.124755** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.100583*)* @filemap_write_and_wait to i32 (%struct.address_space.124755*)*)(%struct.address_space.124755* %170) #69 ------------- Good: 66 Bad: 17 Ignored: 109 Check Use of Function:__audit_inode_child Check Use of Function:mtrr_del Use: =BAD PATH= Call Stack: 0 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 
%18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:mmc_ioctl_cdrom_read_data Check Use of Function:xt_compat_check_entry_offsets Check Use of Function:inet6_addr_add Check Use of Function:dev_add_pack Check Use of Function:to_compat_ipc64_perm Check Use of Function:mtrr_add Check Use of Function:ksys_fchmod Check Use of Function:proc_misc_d_revalidate Check Use of Function:alarmtimer_do_nsleep Check Use of Function:path_openat Check Use of Function:perf_event_alloc Check Use of Function:unregister_netdevice_many Check Use of Function:translate_table.59434 Check Use of Function:__ext4_journal_start_sb Check Use of Function:pci_read_config_dword Use: =BAD PATH= Call Stack: 0 amd_get_subcaches 1 subcaches_show ------------- Path:  Function:subcaches_show %4 = getelementptr inbounds %struct.device.4314, %struct.device.4314* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 32 %7 = bitcast i8* %6 to i64* %8 = tail call i64 @find_first_bit(i64* %7, i64 64) #69 %9 = trunc i64 %8 to i32 %10 = tail call i32 @amd_get_subcaches(i32 %9) #69 Function:amd_get_subcaches %2 = alloca i32, align 4 %3 = tail call zeroext i16 @amd_get_nb_id(i32 %0) #69 %4 = load i16, i16* @amd_northbridges.0, align 8 %5 = icmp ugt i16 %4, %3 %6 = load %struct.amd_northbridge*, %struct.amd_northbridge** @amd_northbridges.2, align 8 %7 = zext i16 %3 to i64 %8 = getelementptr %struct.amd_northbridge, %struct.amd_northbridge* %6, i64 %7 %9 = select i1 %5, %struct.amd_northbridge* %8, %struct.amd_northbridge* null %10 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %9, i64 0, i32 2 %11 = load %struct.pci_dev*, %struct.pci_dev** %10, align 8 %12 = bitcast i32* %2 to i8* %13 = load i64, i64* @amd_northbridges.1, align 8 %14 = and i64 %13, 4 %15 = icmp eq i64 %14, 0 br i1 %15, label %30, label 
%16 %17 = call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %11, i32 468, i32* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_0_show ------------- Path:  Function:cache_disable_0_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device.4314, %struct.device.4314* %0, i64 0, i32 9 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 444, i32* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_1_show ------------- Path:  Function:cache_disable_1_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device.4314, %struct.device.4314* %0, i64 0, i32 9 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, 
i32, i32*)*)(%struct.pci_dev* %13, i32 448, i32* nonnull %4) #69 ------------- Good: 1606 Bad: 3 Ignored: 4200 Check Use of Function:nfs_lookup Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.726, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.726* %7 to i8* %15 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %18 = load %struct.inode.733*, %struct.inode.733** %17, align 8 %19 = icmp eq %struct.inode.733* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %28 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 268435456 %31 = icmp eq i32 %30, 0 br i1 %31, label %306, label %237 %238 = phi %struct.dentry.734* [ %92, %182 ], [ %92, %175 ], [ %92, %175 ], [ %1, %27 ] %239 = phi i32 [ 0, %182 ], [ 0, %175 ], [ 0, %175 ], [ 258, %27 ] %240 = phi 
i8 [ %94, %182 ], [ %94, %175 ], [ %94, %175 ], [ 0, %27 ] %241 = call %struct.dentry.734* @nfs_lookup(%struct.inode.733* %0, %struct.dentry.734* %238, i32 %239) #70 ------------- Good: 0 Bad: 1 Ignored: 4 Check Use of Function:wake_up_q Check Use of Function:ramfs_create Check Use of Function:e1000e_phc_enable Check Use of Function:qdisc_get_stab Check Use of Function:fsync_bdev Check Use of Function:swap_inode_data Check Use of Function:xt_target_to_user Check Use of Function:proc_ns_dir_lookup Check Use of Function:sr_check_events Check Use of Function:release_dentry_name_snapshot Check Use of Function:put_ipc_ns Use: =BAD PATH= Call Stack: 0 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file.224245, %struct.file.224245* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %6, align 8 tail call void bitcast (void (%struct.ipc_namespace.225414*)* @put_ipc_ns to void (%struct.ipc_namespace.224021*)*)(%struct.ipc_namespace.224021* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_create_attr 1 mqueue_create ------------- Path:  Function:mqueue_create %5 = tail call i32 @mqueue_create_attr(%struct.dentry.225196* %1, i16 zeroext %2, i8* null) #69 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry.225196, %struct.dentry.225196* %0, i64 0, i32 3 %5 = load %struct.dentry.225196*, %struct.dentry.225196** %4, align 8 %6 = getelementptr inbounds %struct.dentry.225196, %struct.dentry.225196* %5, i64 0, i32 5 %7 = load %struct.inode.225192*, %struct.inode.225192** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #69 
%9 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %7, i64 0, i32 8 %10 = load %struct.super_block.225171*, %struct.super_block.225171** %9, align 8 %11 = getelementptr inbounds %struct.super_block.225171, %struct.super_block.225171* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.ipc_namespace.224699** %13 = load %struct.ipc_namespace.224699*, %struct.ipc_namespace.224699** %12, align 64 %14 = icmp eq %struct.ipc_namespace.224699* %13, null br i1 %14, label %55, label %15 %56 = phi i32 [ %34, %32 ], [ -28, %22 ], [ -13, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %14, label %58, label %57 tail call void bitcast (void (%struct.ipc_namespace.225414*)* @put_ipc_ns to void (%struct.ipc_namespace.224699*)*)(%struct.ipc_namespace.224699* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common.225212, %struct.ns_common.225212* %0, i64 -34, i32 2 %3 = bitcast i32* %2 to %struct.ipc_namespace.225414* tail call void @put_ipc_ns(%struct.ipc_namespace.225414* %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 sysvipc_proc_release ------------- Path:  Function:sysvipc_proc_release %3 = getelementptr inbounds %struct.file.45918, %struct.file.45918* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.45779** %5 = load %struct.seq_file.45779*, %struct.seq_file.45779** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.45779, %struct.seq_file.45779* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.ipc_proc_iter** %8 = load %struct.ipc_proc_iter*, %struct.ipc_proc_iter** %7, align 8 %9 = getelementptr inbounds %struct.ipc_proc_iter, %struct.ipc_proc_iter* %8, i64 0, i32 0 %10 = load %struct.ipc_namespace*, 
%struct.ipc_namespace** %9, align 8 tail call void bitcast (void (%struct.ipc_namespace.225414*)* @put_ipc_ns to void (%struct.ipc_namespace*)*)(%struct.ipc_namespace* %10) #69 ------------- Good: 9 Bad: 4 Ignored: 8 Check Use of Function:set_fs_pwd Check Use of Function:dev_set_mtu Check Use of Function:chroot_fs_refs Check Use of Function:xt_compat_lock Check Use of Function:do_sys_open Use: =BAD PATH= Call Stack: 0 __ia32_sys_creat ------------- Path:  Function:__ia32_sys_creat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_sys_open(i32 -100, i8* %7, i32 33345, i16 zeroext %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_creat ------------- Path:  Function:__x64_sys_creat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_sys_open(i32 -100, i8* %4, i32 33345, i16 zeroext %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_openat ------------- Path:  Function:__ia32_compat_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = 
trunc i64 %8 to i32 %14 = trunc i64 %10 to i16 %15 = tail call i64 @do_sys_open(i32 %11, i8* %12, i32 %13, i16 zeroext %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_open ------------- Path:  Function:__ia32_compat_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_sys_open(i32 -100, i8* %9, i32 %10, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_openat ------------- Path:  Function:__ia32_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i16 %15 = or i32 %13, 32768 %16 = tail call i64 @do_sys_open(i32 %11, i8* %12, i32 %15, i16 zeroext %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_openat ------------- Path:  Function:__x64_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i16 %14 = or i32 %12, 32768 %15 = tail call i64 @do_sys_open(i32 %11, i8* %6, i32 %14, i16 zeroext %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_open ------------- Path:  Function:__ia32_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i16 %12 = or i32 %10, 32768 %13 = tail call i64 @do_sys_open(i32 -100, i8* %9, i32 %12, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_open ------------- Path:  Function:__x64_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i16 %11 = or i32 %9, 32768 %12 = tail call i64 @do_sys_open(i32 -100, i8* %4, i32 %11, i16 zeroext %10) #69 ------------- Good: 5 Bad: 8 Ignored: 0 Check Use of Function:xt_request_find_target Check Use of Function:pci_config_pm_runtime_put Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file.1620, %struct.file.1620* %0, i64 0, i32 2 %6 = load %struct.inode.1699*, %struct.inode.1699** %5, align 8 %7 
= tail call i8* bitcast (i8* (%struct.inode.146664*)* @PDE_DATA to i8* (%struct.inode.1699*)*)(%struct.inode.1699* %6) #69 %8 = bitcast i8* %7 to %struct.pci_dev.276845* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 904 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, %10 br i1 %14, label %15, label %118 %16 = sext i32 %13 to i64 %17 = icmp ugt i64 %16, %2 %18 = select i1 %17, i64 %2, i64 %16 %19 = shl i64 %9, 32 %20 = ashr exact i64 %19, 32 %21 = add i64 %18, %20 %22 = icmp ugt i64 %21, %16 %23 = sub i32 %13, %10 %24 = sext i32 %23 to i64 %25 = select i1 %22, i64 %24, i64 %18 %26 = trunc i64 %25 to i32 %27 = shl i64 %25, 32 %28 = ashr exact i64 %27, 32 %29 = tail call %struct.task_struct.1872* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.1872** nonnull @current_task) #10, !srcloc !4 %30 = getelementptr inbounds %struct.task_struct.1872, %struct.task_struct.1872* %29, i64 0, i32 161, i32 17, i32 0 %31 = load i64, i64* %30, align 8 %32 = ptrtoint i8* %1 to i64 %33 = add i64 %28, %32 %34 = icmp ult i64 %33, %28 %35 = icmp ugt i64 %33, %31 %36 = or i1 %34, %35 br i1 %36, label %118, label %37, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.272149*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.276845*)*)(%struct.pci_dev.276845* %8) #69 %38 = and i32 %10, 1 %39 = icmp ne i32 %38, 0 %40 = icmp ne i32 %26, 0 %41 = and i1 %39, %40 br i1 %41, label %42, label %51 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %43 = bitcast i8* %1 to %struct.__large_struct* %44 = tail call { i32, i64 } asm sideeffect "\0A1:\09movb $2,${1:b}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorb ${1:b},${1:b}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=q,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %43, i32 -14, i32 0) #6, !srcloc !9 %45 = extractvalue { i32, i64 } %44, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %46 = trunc i64 %45 to i8 %47 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i8)* @pci_user_write_config_byte to i32 (%struct.pci_dev.276845*, i32, i8)*)(%struct.pci_dev.276845* %8, i32 %10, i8 zeroext %46) #69 %48 = getelementptr i8, 
i8* %1, i64 1 %49 = add nsw i32 %10, 1 %50 = add i32 %26, -1 br label %51 %52 = phi i32 [ %50, %42 ], [ %26, %37 ] %53 = phi i32 [ %49, %42 ], [ %10, %37 ] %54 = phi i8* [ %48, %42 ], [ %1, %37 ] %55 = and i32 %53, 3 %56 = icmp ne i32 %55, 0 %57 = icmp sgt i32 %52, 2 %58 = and i1 %57, %56 br i1 %58, label %59, label %68 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = bitcast i8* %54 to %struct.__large_struct* %61 = tail call { i32, i64 } asm sideeffect "\0A1:\09movw $2,${1:w}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorw ${1:w},${1:w}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60, i32 -14, i32 
0) #6, !srcloc !12 %62 = extractvalue { i32, i64 } %61, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %63 = trunc i64 %62 to i16 %64 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.276845*, i32, i16)*)(%struct.pci_dev.276845* %8, i32 %53, i16 zeroext %63) #69 %65 = getelementptr i8, i8* %54, i64 2 %66 = add i32 %53, 2 %67 = add nsw i32 %52, -2 br label %68 %69 = phi i32 [ %67, %59 ], [ %52, %51 ] %70 = phi i32 [ %66, %59 ], [ %53, %51 ] %71 = phi i8* [ %65, %59 ], [ %54, %51 ] %72 = icmp sgt i32 %69, 3 br i1 %72, label %73, label %86 %74 = phi i8* [ %82, %73 ], [ %71, %68 ] %75 = phi i32 [ %83, %73 ], [ %70, %68 ] %76 = phi i32 [ %84, %73 ], [ %69, %68 ] tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - 
.\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %77 = bitcast i8* %74 to %struct.__large_struct* %78 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %77, i32 -14, i32 0) #6, !srcloc !14 %79 = extractvalue { i32, i64 } %78, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = trunc i64 %79 to i32 %81 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i32)* @pci_user_write_config_dword to i32 (%struct.pci_dev.276845*, i32, i32)*)(%struct.pci_dev.276845* %8, i32 %75, i32 %80) #69 %82 = getelementptr i8, i8* %74, i64 4 %83 = add i32 %75, 4 %84 = add nsw i32 %76, -4 %85 = icmp sgt i32 %76, 7 br i1 %85, label %73, label %86 %87 = phi i32 [ %69, %68 ], [ %84, %73 ] %88 = phi i32 [ %70, %68 ], [ %83, %73 ] %89 = phi i8* [ %71, %68 ], [ %82, %73 ] %90 = icmp sgt i32 %87, 1 br i1 %90, label %91, label %100 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip 
-(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %92 = bitcast i8* %89 to %struct.__large_struct* %93 = tail call { i32, i64 } asm sideeffect "\0A1:\09movw $2,${1:w}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorw ${1:w},${1:w}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %92, i32 -14, i32 0) #6, !srcloc !16 %94 = extractvalue { i32, i64 } %93, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection 
.altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %95 = trunc i64 %94 to i16 %96 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.276845*, i32, i16)*)(%struct.pci_dev.276845* %8, i32 %88, i16 zeroext %95) #69 %97 = getelementptr i8, i8* %89, i64 2 %98 = add i32 %88, 2 %99 = add nsw i32 %87, -2 br label %100 %101 = phi i32 [ %99, %91 ], [ %87, %86 ] %102 = phi i32 [ %98, %91 ], [ %88, %86 ] %103 = phi i8* [ %97, %91 ], [ %89, %86 ] %104 = icmp eq i32 %101, 0 br i1 %104, label %112, label %105 %113 = phi i32 [ %111, %105 ], [ %102, %100 ] tail call void bitcast (void (%struct.pci_dev.272149*)* @pci_config_pm_runtime_put to void (%struct.pci_dev.276845*)*)(%struct.pci_dev.276845* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -1, i32 5 %8 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 -21 %9 = bitcast %struct.kernfs_node** %8 to %struct.pci_dev.272149* %10 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 92 %11 = bitcast %struct.kernfs_node** %10 to i32* %12 = load i32, i32* %11, align 8 %13 = sext i32 %12 to i64 %14 = icmp slt i64 %13, %4 br i1 %14, label %119, label %15 %16 = trunc i64 %5 to i32 %17 = add i64 %5, %4 %18 = icmp ugt i64 %17, %13 %19 = trunc i64 %4 to i32 %20 = sub i32 %12, %19 %21 = zext i32 %20 to i64 %22 = select i1 %18, i32 %20, i32 %16 %23 = select i1 %18, i64 %21, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.272149* %9) #69 %24 = and i64 %4, 1 %25 = icmp ne i64 %24, 0 %26 = icmp ne i32 %22, 0 %27 = and i1 %25, %26 br i1 %27, label %28, label %33 %29 = load i8, i8* %3, align 1 %30 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i8)* @pci_user_write_config_byte to i32 
(%struct.pci_dev.272149*, i32, i8)*)(%struct.pci_dev.272149* %9, i32 %19, i8 zeroext %29) #69 %31 = add i64 %4, 1 %32 = add i32 %22, -1 br label %33 %34 = phi i32 [ %32, %28 ], [ %22, %15 ] %35 = phi i64 [ %31, %28 ], [ %4, %15 ] %36 = and i64 %35, 3 %37 = icmp ne i64 %36, 0 %38 = icmp ugt i32 %34, 2 %39 = and i1 %38, %37 br i1 %39, label %40, label %55 %41 = sub i64 %35, %4 %42 = getelementptr i8, i8* %3, i64 %41 %43 = load i8, i8* %42, align 1 %44 = add i64 %41, 1 %45 = getelementptr i8, i8* %3, i64 %44 %46 = load i8, i8* %45, align 1 %47 = zext i8 %46 to i16 %48 = shl nuw i16 %47, 8 %49 = zext i8 %43 to i16 %50 = or i16 %48, %49 %51 = trunc i64 %35 to i32 %52 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.272149*, i32, i16)*)(%struct.pci_dev.272149* %9, i32 %51, i16 zeroext %50) #69 %53 = add i64 %35, 2 %54 = add i32 %34, -2 br label %55 %56 = phi i32 [ %54, %40 ], [ %34, %33 ] %57 = phi i64 [ %53, %40 ], [ %35, %33 ] %58 = icmp ugt i32 %56, 3 br i1 %58, label %59, label %89 %60 = phi i64 [ %86, %59 ], [ %57, %55 ] %61 = phi i32 [ %87, %59 ], [ %56, %55 ] %62 = sub i64 %60, %4 %63 = getelementptr i8, i8* %3, i64 %62 %64 = load i8, i8* %63, align 1 %65 = zext i8 %64 to i32 %66 = add i64 %62, 1 %67 = getelementptr i8, i8* %3, i64 %66 %68 = load i8, i8* %67, align 1 %69 = zext i8 %68 to i32 %70 = shl nuw nsw i32 %69, 8 %71 = or i32 %70, %65 %72 = add i64 %62, 2 %73 = getelementptr i8, i8* %3, i64 %72 %74 = load i8, i8* %73, align 1 %75 = zext i8 %74 to i32 %76 = shl nuw nsw i32 %75, 16 %77 = or i32 %71, %76 %78 = add i64 %62, 3 %79 = getelementptr i8, i8* %3, i64 %78 %80 = load i8, i8* %79, align 1 %81 = zext i8 %80 to i32 %82 = shl nuw i32 %81, 24 %83 = or i32 %77, %82 %84 = trunc i64 %60 to i32 %85 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i32)* @pci_user_write_config_dword to i32 (%struct.pci_dev.272149*, i32, i32)*)(%struct.pci_dev.272149* %9, i32 %84, i32 %83) #69 %86 = 
add i64 %60, 4 %87 = add i32 %61, -4 %88 = icmp ugt i32 %87, 3 br i1 %88, label %59, label %89 %90 = phi i32 [ %56, %55 ], [ %87, %59 ] %91 = phi i64 [ %57, %55 ], [ %86, %59 ] %92 = icmp ugt i32 %90, 1 br i1 %92, label %93, label %108 %94 = sub i64 %91, %4 %95 = getelementptr i8, i8* %3, i64 %94 %96 = load i8, i8* %95, align 1 %97 = add i64 %94, 1 %98 = getelementptr i8, i8* %3, i64 %97 %99 = load i8, i8* %98, align 1 %100 = zext i8 %99 to i16 %101 = shl nuw i16 %100, 8 %102 = zext i8 %96 to i16 %103 = or i16 %101, %102 %104 = trunc i64 %91 to i32 %105 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.272149*, i32, i16)*)(%struct.pci_dev.272149* %9, i32 %104, i16 zeroext %103) #69 %106 = add i64 %91, 2 %107 = add nsw i32 %90, -2 br label %108 %109 = phi i32 [ %107, %93 ], [ %90, %89 ] %110 = phi i64 [ %106, %93 ], [ %91, %89 ] %111 = icmp eq i32 %109, 0 br i1 %111, label %118, label %112 tail call void @pci_config_pm_runtime_put(%struct.pci_dev.272149* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -1, i32 5 %8 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 -21 %9 = bitcast %struct.kernfs_node** %8 to %struct.pci_dev.272149* %10 = getelementptr %struct.kernfs_node*, %struct.kernfs_node** %7, i64 92 %11 = bitcast %struct.kernfs_node** %10 to i32* %12 = load i32, i32* %11, align 8 %13 = sext i32 %12 to i64 %14 = icmp slt i64 %13, %4 br i1 %14, label %119, label %15 %16 = trunc i64 %5 to i32 %17 = add i64 %5, %4 %18 = icmp ugt i64 %17, %13 %19 = trunc i64 %4 to i32 %20 = sub i32 %12, %19 %21 = zext i32 %20 to i64 %22 = select i1 %18, i32 %20, i32 %16 %23 = select i1 %18, i64 %21, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.272149* %9) #69 %24 = and i64 %4, 1 %25 = icmp ne i64 %24, 0 %26 = icmp ne i32 %22, 0 %27 = and i1 %25, %26 br 
i1 %27, label %28, label %33 %29 = load i8, i8* %3, align 1 %30 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i8)* @pci_user_write_config_byte to i32 (%struct.pci_dev.272149*, i32, i8)*)(%struct.pci_dev.272149* %9, i32 %19, i8 zeroext %29) #69 %31 = add i64 %4, 1 %32 = add i32 %22, -1 br label %33 %34 = phi i32 [ %32, %28 ], [ %22, %15 ] %35 = phi i64 [ %31, %28 ], [ %4, %15 ] %36 = and i64 %35, 3 %37 = icmp ne i64 %36, 0 %38 = icmp ugt i32 %34, 2 %39 = and i1 %38, %37 br i1 %39, label %40, label %55 %41 = sub i64 %35, %4 %42 = getelementptr i8, i8* %3, i64 %41 %43 = load i8, i8* %42, align 1 %44 = add i64 %41, 1 %45 = getelementptr i8, i8* %3, i64 %44 %46 = load i8, i8* %45, align 1 %47 = zext i8 %46 to i16 %48 = shl nuw i16 %47, 8 %49 = zext i8 %43 to i16 %50 = or i16 %48, %49 %51 = trunc i64 %35 to i32 %52 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.272149*, i32, i16)*)(%struct.pci_dev.272149* %9, i32 %51, i16 zeroext %50) #69 %53 = add i64 %35, 2 %54 = add i32 %34, -2 br label %55 %56 = phi i32 [ %54, %40 ], [ %34, %33 ] %57 = phi i64 [ %53, %40 ], [ %35, %33 ] %58 = icmp ugt i32 %56, 3 br i1 %58, label %59, label %89 %60 = phi i64 [ %86, %59 ], [ %57, %55 ] %61 = phi i32 [ %87, %59 ], [ %56, %55 ] %62 = sub i64 %60, %4 %63 = getelementptr i8, i8* %3, i64 %62 %64 = load i8, i8* %63, align 1 %65 = zext i8 %64 to i32 %66 = add i64 %62, 1 %67 = getelementptr i8, i8* %3, i64 %66 %68 = load i8, i8* %67, align 1 %69 = zext i8 %68 to i32 %70 = shl nuw nsw i32 %69, 8 %71 = or i32 %70, %65 %72 = add i64 %62, 2 %73 = getelementptr i8, i8* %3, i64 %72 %74 = load i8, i8* %73, align 1 %75 = zext i8 %74 to i32 %76 = shl nuw nsw i32 %75, 16 %77 = or i32 %71, %76 %78 = add i64 %62, 3 %79 = getelementptr i8, i8* %3, i64 %78 %80 = load i8, i8* %79, align 1 %81 = zext i8 %80 to i32 %82 = shl nuw i32 %81, 24 %83 = or i32 %77, %82 %84 = trunc i64 %60 to i32 %85 = tail call i32 bitcast (i32 
(%struct.pci_dev.271518*, i32, i32)* @pci_user_write_config_dword to i32 (%struct.pci_dev.272149*, i32, i32)*)(%struct.pci_dev.272149* %9, i32 %84, i32 %83) #69 %86 = add i64 %60, 4 %87 = add i32 %61, -4 %88 = icmp ugt i32 %87, 3 br i1 %88, label %59, label %89 %90 = phi i32 [ %56, %55 ], [ %87, %59 ] %91 = phi i64 [ %57, %55 ], [ %86, %59 ] %92 = icmp ugt i32 %90, 1 br i1 %92, label %93, label %108 %94 = sub i64 %91, %4 %95 = getelementptr i8, i8* %3, i64 %94 %96 = load i8, i8* %95, align 1 %97 = add i64 %94, 1 %98 = getelementptr i8, i8* %3, i64 %97 %99 = load i8, i8* %98, align 1 %100 = zext i8 %99 to i16 %101 = shl nuw i16 %100, 8 %102 = zext i8 %96 to i16 %103 = or i16 %101, %102 %104 = trunc i64 %91 to i32 %105 = tail call i32 bitcast (i32 (%struct.pci_dev.271518*, i32, i16)* @pci_user_write_config_word to i32 (%struct.pci_dev.272149*, i32, i16)*)(%struct.pci_dev.272149* %9, i32 %104, i16 zeroext %103) #69 %106 = add i64 %91, 2 %107 = add nsw i32 %90, -2 br label %108 %109 = phi i32 [ %107, %93 ], [ %90, %89 ] %110 = phi i64 [ %106, %93 ], [ %91, %89 ] %111 = icmp eq i32 %109, 0 br i1 %111, label %118, label %112 tail call void @pci_config_pm_runtime_put(%struct.pci_dev.272149* %9) #69 ------------- Good: 2 Bad: 3 Ignored: 3 Check Use of Function:do_add_mount Check Use of Function:netdev_state_change Check Use of Function:pci_write_config_dword Check Use of Function:proc_map_files_lookup Check Use of Function:ipip6_newlink Check Use of Function:serial8250_pm Check Use of Function:__lookup_hash Check Use of Function:deactivate_locked_super Check Use of Function:out_of_line_wait_on_bit Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #69 
%6 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 8 %21 = load %struct.file.725*, %struct.file.725** %20, align 8 %22 = getelementptr inbounds %struct.file.725, %struct.file.725* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.197135** %24 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %23, align 8 %25 = icmp eq %struct.nfs_open_context.197135* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %24, i64 0, i32 3 %28 = load %struct.rpc_cred*, %struct.rpc_cred** %27, align 8 br label %29 %30 = phi %struct.rpc_cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.197135* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode.733* %5, %struct.rpc_cred* %30, %struct.nfs_fattr* %1, %struct.iattr.726* %2, %struct.nfs_open_context.197135* %31, %struct.nfs4_label* null) #70 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %12 = load %struct.super_block.720*, %struct.super_block.720** %11, align 8 %13 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.nfs_server.197100** 
%15 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %14, align 64 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.197135* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.197134* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr.726* %3, %struct.iattr.726** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to 
i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.197134* %22, %struct.nfs4_state.197134** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode.733* %0, %struct.inode.733** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 33, i64 0 %45 = bitcast i32* %44 to i8* %46 = icmp eq %struct.inode.733* %0, null %47 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %48 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %47, i64 9, i32 1 %49 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %3, i64 0, i32 0 %50 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 0 %51 = icmp eq %struct.nfs4_state.197134* %22, null %52 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %22, i64 0, i32 13 br label %53 br i1 %46, label %73, label %54 %74 = call fastcc i32 @_nfs4_do_setattr(%struct.inode.733* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.rpc_cred* %1, %struct.nfs_open_context.197135* %4) #70 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.rpc_cred*, align 8 %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = load 
%struct.super_block.720*, %struct.super_block.720** %10, align 8 %12 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.nfs_server.197100** %14 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %13, align 64 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* %3, %struct.rpc_cred** %21, align 8 %22 = bitcast %struct.rpc_cred** %9 to i8* store %struct.rpc_cred* null, %struct.rpc_cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr.726*, %struct.iattr.726** %26, align 8 %28 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = 
getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 bitcast (i1 (%struct.inode.733*, i32, %struct.nfs4_stateid_struct*, %struct.rpc_cred.201653**)* @nfs4_copy_delegation_stateid to i1 (%struct.inode.733*, i32, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.inode.733* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.rpc_cred** nonnull %9) #69 br i1 %36, label %63, label %37 %38 = icmp eq %struct.nfs_open_context.197135* %4, null br i1 %38, label %58, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %4, i64 0, i32 4 %41 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %40, align 8 %42 = icmp eq %struct.nfs4_state.197134* %41, null br i1 %42, label %58, label %43 %44 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %152 %49 = call %struct.nfs_lock_context.197128* bitcast (%struct.nfs_lock_context.180729* (%struct.nfs_open_context.180736*)* @nfs_get_lock_context to %struct.nfs_lock_context.197128* (%struct.nfs_open_context.197135*)*)(%struct.nfs_open_context.197135* nonnull %4) #69 %50 = icmp ugt %struct.nfs_lock_context.197128* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.197128*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %55, i32 2, %struct.nfs_lock_context.197128* %49, %struct.nfs4_stateid_struct* %35, %struct.rpc_cred** nonnull %9) #69 call void bitcast (void 
(%struct.nfs_lock_context.180729*)* @nfs_put_lock_context to void (%struct.nfs_lock_context.197128*)*)(%struct.nfs_lock_context.197128* %49) #69 %57 = icmp eq i32 %56, -5 br i1 %57, label %152, label %63 %64 = load %struct.rpc_cred*, %struct.rpc_cred** %9, align 8 %65 = icmp eq %struct.rpc_cred* %64, null br i1 %65, label %67, label %66 %68 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %14, i64 0, i32 3 %69 = bitcast %struct.rpc_clnt** %68 to i64* %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %73, align 8 %74 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %75 = load i8, i8* %74, align 8 %76 = and i8 %75, -4 %77 = or i8 %76, 1 store i8 %77, i8* %74, align 8 %78 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %78, align 8 %79 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %14, i64 0, i32 0 %80 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %79, align 8 %81 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %82 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.197100* %14, %struct.nfs_server.197100** %82, align 8 %83 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %71, %struct.nfs4_sequence_args.197117** %83, align 8 %84 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 
store %struct.nfs4_sequence_res.197119* %72, %struct.nfs4_sequence_res.197119** %84, align 8 %85 = bitcast %struct.rpc_task_setup* %7 to i8* %86 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %86, align 8 %87 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %88 = bitcast %struct.rpc_clnt** %87 to i64* store i64 %70, i64* %88, align 8 %89 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %89, align 8 %90 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %90, align 8 %91 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %92 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %80, i64 0, i32 29 %93 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %92, align 8 %94 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %93, i64 0, i32 10 %95 = bitcast %struct.rpc_call_ops** %94 to i64* %96 = load i64, i64* %95, align 8 %97 = bitcast %struct.rpc_call_ops** %91 to i64* store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %99 = bitcast i8** %98 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %99, align 8 %100 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %100, align 8 %101 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 store i16 0, i16* %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, 
i32 8 store i8 0, i8* %102, align 2 %103 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc 
!4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, 
i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 
%54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_server_capabilities 4 nfs4_proc_get_root ------------- Path:  Function:nfs4_proc_get_root %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 %6 = tail call i32 @nfs4_server_capabilities(%struct.nfs_server.197100* %0, %struct.nfs_fh* %1) #69 Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast [3 x i32]* %5 to i8* %12 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %13 = bitcast i32* %12 to i64* %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %15 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* 
%16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %20 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_server_caps_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %29 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %30 = bitcast %struct.rpc_clnt** %29 to i64* %31 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %39 = bitcast 
%struct.rpc_task_setup* %4 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %53 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %54 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %55 = bitcast i32* %54 to i8* %56 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %57 = getelementptr [3 x i32], [3 x i32]* %56, i64 0, i64 0 %58 = bitcast [3 x i32]* %56 to i8* %59 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 9 %60 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %61 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* 
%7, i64 0, i32 5 %63 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34 %64 = bitcast [3 x i32]* %63 to i8* %65 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34, i64 2 %66 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 0 %67 = bitcast [3 x i32]* %56 to i64* %68 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 1 %69 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 2 %70 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %71 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %73 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 35, i64 0 %74 = bitcast i32* %73 to i8* %75 = bitcast i32* %70 to i8* %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 37 %77 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %78 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 38 %79 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %80 store i64 0, i64* %13, align 4 %81 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %14, align 8 %82 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 15 %83 = load i32, i32* %82, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x 
%struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 30), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 store i32 8293, i32* %19, align 4 %84 = icmp eq i32 %83, 0 br i1 %84, label %86, label %85 store i32 2048, i32* %28, align 4 br label %86 %87 = load i64, i64* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %87, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %88 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 29 %89 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %89, i64 0, i32 10 %91 = bitcast %struct.rpc_call_ops** %90 to i64* %92 = load i64, i64* %91, align 8 store i64 %92, i64* %46, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %93 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call 
%struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, 
align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = 
load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = 
getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_server_capabilities ------------- Path:  Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast [3 x i32]* %5 to i8* %12 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %13 = bitcast i32* %12 to i64* %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %15 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %20 = bitcast %struct.nfs4_server_caps_res* %7 to i8* 
%21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_server_caps_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %29 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %30 = bitcast %struct.rpc_clnt** %29 to i64* %31 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %4 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, 
i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %53 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %54 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %55 = bitcast i32* %54 to i8* %56 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %57 = getelementptr [3 x i32], [3 x i32]* %56, i64 0, i64 0 %58 = bitcast [3 x i32]* %56 to i8* %59 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 9 %60 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %61 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %63 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34 %64 = bitcast [3 x i32]* %63 to i8* %65 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34, i64 2 %66 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 0 %67 = bitcast [3 x i32]* %56 to i64* %68 = getelementptr %struct.nfs_server.197100, 
%struct.nfs_server.197100* %0, i64 0, i32 36, i64 1 %69 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 2 %70 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %71 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %73 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 35, i64 0 %74 = bitcast i32* %73 to i8* %75 = bitcast i32* %70 to i8* %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 37 %77 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %78 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 38 %79 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %80 store i64 0, i64* %13, align 4 %81 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %14, align 8 %82 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 15 %83 = load i32, i32* %82, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 30), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 store i32 8293, i32* %19, align 4 %84 = icmp eq i32 %83, 0 br i1 %84, label %86, label %85 store i32 
2048, i32* %28, align 4 br label %86 %87 = load i64, i64* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %87, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %88 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 29 %89 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %89, i64 0, i32 10 %91 = bitcast %struct.rpc_call_ops** %90 to i64* %92 = load i64, i64* %91, align 8 store i64 %92, i64* %46, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %93 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq 
%struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 
.quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* 
%18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = 
getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 %58 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %58) #69 %59 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %60 = load i8, i8* %30, align 8 %61 = and i8 %60, -4 store i8 %61, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %24, %struct.nfs4_sequence_args.197117** %35, align 8 store %struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %59, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %63 = getelementptr inbounds 
%struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 
Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, 
$0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_do_fsinfo 4 nfs4_proc_fsinfo ------------- Path:  Function:nfs4_proc_fsinfo %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #69 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.197100* %0, %struct.nfs_fh* %1, 
%struct.nfs_fsinfo* %2) #70 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = load volatile i64, i64* @jiffies, align 64 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 1 %19 = bitcast i64* %18 to i8* %20 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, 
%struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, 
%struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 %55 = load i64, i64* %29, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %33, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %13, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %30, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %55, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 
store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 %65 = ptrtoint %struct.rpc_task* %62 to i64 %66 = trunc i64 %65 to i32 br label %70 %71 = phi i32 [ %66, %64 ], [ %69, %67 ] %72 = load %struct.nfs_fattr*, %struct.nfs_fattr** %52, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_fsinfo to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_do_fsinfo, %73)) #6 to label %95 [label %73], !srcloc !4 %96 = icmp eq i32 %71, 0 br i1 %96, label %97, label %103 %104 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %71, %struct.nfs4_exception* nonnull %9) #70 %105 = load i8, i8* %53, align 8 %106 = and i8 %105, 8 %107 = icmp eq i8 %106, 0 br i1 %107, label %108, label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 %55 = load i64, i64* %29, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.197116* 
null, %struct.nfs4_slot.197116** %33, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %13, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %30, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %55, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, 
i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* 
getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 
%67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_statfs ------------- Path:  Function:nfs4_proc_statfs %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_statfs_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_statfs_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_statfs_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs_fsstat, %struct.nfs_fsstat* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr 
inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 
0, i32 4 br label %51 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 27), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %23, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %24, align 8 %52 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %52) #69 %53 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %54 = load i8, i8* %30, align 8 %55 = and i8 %54, -4 store i8 %55, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %35, align 8 store %struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %53, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = 
load i64, i64* %60, align 8 store i64 %61, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 %65 = ptrtoint %struct.rpc_task* %62 to i64 %66 = trunc i64 %65 to i32 br label %70 %71 = phi i32 [ %66, %64 ], [ %69, %67 ] %72 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %71, %struct.nfs4_exception* nonnull %9) #70 %73 = load i8, i8* %50, align 8 %74 = and i8 %73, 8 %75 = icmp eq i8 %74, 0 br i1 %75, label %76, label %51 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 27), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %23, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %24, align 8 %52 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %52) #69 %53 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %54 = load i8, i8* %30, align 8 %55 = and i8 %54, -4 store i8 %55, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %35, align 8 store 
%struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %53, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to 
%struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 
store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_readdir ------------- Path:  
Function:nfs4_proc_readdir %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_readdir_arg, align 8 %10 = alloca %struct.nfs4_readdir_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = zext i1 %5 to i8 %15 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %16 = bitcast %struct.nfs4_readdir_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 1 %19 = bitcast %struct.nfs_fh** %18 to i64** %20 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 4 %22 = bitcast i64* %20 to i8* %23 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 5 %24 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 6 %25 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 7 %26 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 8 %27 = bitcast %struct.nfs4_readdir_res* %10 to i8* %28 = bitcast %struct.rpc_message* %11 to i8* %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %31 = bitcast i8** %30 to %struct.nfs4_readdir_arg** %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %33 = bitcast i8** %32 to %struct.nfs4_readdir_res** %34 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %35 = icmp ugt i64 %2, 2 %36 = bitcast %struct.page.694** %3 to i64* %37 = 
icmp eq i64 %2, 2 %38 = icmp eq i64 %2, 0 %39 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 3 %40 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 3, i32 0, i64 0 %42 = bitcast i8* %41 to i64* %43 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0 %45 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 0 %46 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0, i32 0 %47 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %51 = bitcast %struct.rpc_task_setup* %8 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 0 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %54 = bitcast %struct.rpc_clnt** %53 to i64* %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 3 %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, 
i32 6 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %64 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 1, i32 0, i64 0 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %67 %68 = load %struct.inode.733*, %struct.inode.733** %15, align 8 %69 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %68, i64 0, i32 8 %70 = load %struct.super_block.720*, %struct.super_block.720** %69, align 8 %71 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %70, i64 0, i32 30 %72 = bitcast i8** %71 to %struct.nfs_server.197100** %73 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %72, align 64 %74 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 -1, i32 16, i32 1 store i64* %74, i64** %19, align 8 store i32 %4, i32* %21, align 8 store %struct.page.694** %3, %struct.page.694*** %23, align 8 store i32 0, i32* %24, align 8 store i8 %14, i8* %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 29), %struct.rpc_procinfo** %29, align 8 store %struct.nfs4_readdir_arg* %9, %struct.nfs4_readdir_arg** %31, align 8 store %struct.nfs4_readdir_res* %10, %struct.nfs4_readdir_res** %33, align 8 store %struct.rpc_cred* %1, %struct.rpc_cred** %34, align 8 %75 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 9 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 262144 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 34, i64 0 %80 = getelementptr inbounds %struct.nfs_server.197100, 
%struct.nfs_server.197100* %73, i64 0, i32 33, i64 0 %81 = select i1 %78, i32* %79, i32* %80 store i32* %81, i32** %25, align 8 %82 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 -1, i32 16 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %82, i64 15 br i1 %35, label %84, label %87 br i1 %37, label %155, label %88 %89 = load i64, i64* %36, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %90 = call %struct.task_struct.684* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.684** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.684**)) #10, !srcloc !5 %91 = getelementptr inbounds %struct.task_struct.684, %struct.task_struct.684* %90, i64 0, i32 155 %92 = load i32, i32* %91, align 16 %93 = add i32 %92, 1 store i32 %93, i32* %91, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %94 = load i64, i64* @vmemmap_base, align 8 %95 = sub i64 %89, %94 %96 = shl i64 %95, 6 %97 = load i64, i64* @page_offset_base, align 8 %98 = add i64 %96, %97 %99 = inttoptr i64 %98 to i8* %100 = inttoptr i64 %98 to i32* br i1 %38, label %101, label %126 %102 = getelementptr i8, i8* %99, i64 4 %103 = bitcast i8* %102 to i32* store i32 16777216, i32* %100, align 4 %104 = getelementptr i8, i8* %99, i64 8 %105 = bitcast i8* %104 to i32* store i32 0, i32* %103, align 4 %106 = getelementptr i8, i8* %99, i64 12 %107 = bitcast i8* %106 to i32* store i32 16777216, i32* %105, align 4 %108 = getelementptr i8, i8* %99, i64 16 store i32 16777216, i32* %107, align 4 %109 = bitcast i8* %108 to i32* store i32 46, i32* %109, align 4 %110 = getelementptr i8, i8* %99, i64 20 %111 = bitcast i8* %110 to i32* %112 = getelementptr i8, i8* %99, i64 24 %113 = bitcast i8* %112 to i32* store i32 16777216, i32* %111, align 4 %114 = getelementptr i8, i8* %99, i64 28 %115 = bitcast i8* %114 to i32* store i32 33558528, i32* %113, align 4 %116 
= getelementptr i8, i8* %99, i64 32 %117 = bitcast i8* %116 to i32* store i32 201326592, i32* %115, align 4 %118 = getelementptr i8, i8* %99, i64 36 store i32 33554432, i32* %117, align 4 %119 = load %struct.inode.733*, %struct.inode.733** %15, align 8 %120 = getelementptr %struct.inode.733, %struct.inode.733* %119, i64 -1, i32 16, i32 0 %121 = load i64, i64* %120, align 8 %122 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %121) #10, !srcloc !7 %123 = bitcast i8* %118 to i64* store i64 %122, i64* %123, align 8 %124 = getelementptr i8, i8* %99, i64 44 %125 = bitcast i8* %124 to i32* br label %126 %127 = phi i32* [ %125, %101 ], [ %100, %88 ] %128 = getelementptr i32, i32* %127, i64 1 store i32 16777216, i32* %127, align 4 %129 = getelementptr i32, i32* %127, i64 2 store i32 0, i32* %128, align 4 %130 = getelementptr i32, i32* %127, i64 3 store i32 33554432, i32* %129, align 4 %131 = getelementptr i32, i32* %127, i64 4 store i32 33554432, i32* %130, align 4 store i32 11822, i32* %131, align 4 %132 = getelementptr i32, i32* %127, i64 5 %133 = getelementptr i32, i32* %127, i64 6 store i32 16777216, i32* %132, align 4 %134 = getelementptr i32, i32* %127, i64 7 store i32 33558528, i32* %133, align 4 %135 = getelementptr i32, i32* %127, i64 8 store i32 201326592, i32* %134, align 4 %136 = getelementptr i32, i32* %127, i64 9 store i32 33554432, i32* %135, align 4 %137 = load %struct.dentry.734*, %struct.dentry.734** %39, align 8 %138 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %137, i64 0, i32 5 %139 = load %struct.inode.733*, %struct.inode.733** %138, align 8 %140 = getelementptr %struct.inode.733, %struct.inode.733* %139, i64 -1, i32 16, i32 0 %141 = load i64, i64* %140, align 8 %142 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %141) #10, !srcloc !7 %143 = bitcast i32* %136 to i64* store i64 %142, i64* %143, align 8 %144 = getelementptr i32, i32* %127, i64 11 %145 = ptrtoint i32* %144 to i64 %146 = sub i64 
%145, %98 %147 = trunc i64 %146 to i32 store i32 %147, i32* %24, align 8 %148 = load i32, i32* %21, align 8 %149 = sub i32 %148, %147 store i32 %149, i32* %21, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %150 = load i32, i32* %91, align 16 %151 = add i32 %150, -1 store i32 %151, i32* %91, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %152 = load i32, i32* %24, align 8 %153 = load i8, i8* %40, align 8 %154 = and i8 %153, -4 br label %155 %156 = phi i8 [ 0, %84 ], [ 0, %87 ], [ %154, %126 ] %157 = phi i32 [ 0, %84 ], [ 0, %87 ], [ %152, %126 ] store i32 %157, i32* %43, align 8 %158 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 3 %159 = bitcast %struct.rpc_clnt** %158 to i64* %160 = load i64, i64* %159, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %45, align 8 store i8 %156, i8* %40, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %46, align 8 %161 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 0 %162 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %161, align 8 store %struct.nfs_server.197100* %73, %struct.nfs_server.197100** %48, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %49, align 8 store %struct.nfs4_sequence_res.197119* %44, %struct.nfs4_sequence_res.197119** %50, align 8 store %struct.rpc_task* null, %struct.rpc_task** %52, align 8 store i64 %160, i64* %54, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %55, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %56, align 8 %163 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %162, i64 0, i32 29 %164 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %163, align 8 %165 = getelementptr inbounds 
%struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %164, i64 0, i32 10 %166 = bitcast %struct.rpc_call_ops** %165 to i64* %167 = load i64, i64* %166, align 8 store i64 %167, i64* %58, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %60, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %61, align 8 store i16 0, i16* %62, align 8 store i8 0, i8* %63, align 2 %168 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, 
%struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 _nfs4_proc_remove 4 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %6 = load %struct.inode.733*, %struct.inode.733** %5, align 8 %7 = icmp eq %struct.inode.733* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %18 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %19 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %20 %21 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %17, i32 1) #70 %45 = load %struct.super_block.720*, %struct.super_block.720** %18, align 8 %46 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %45, i64 0, i32 30 %47 = bitcast i8** %46 to %struct.nfs_server.197100** %48 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %47, align 64 %49 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %48, i32 %21, %struct.nfs4_exception* nonnull %3) #70 %50 = load i8, i8* %19, align 8 %51 = and i8 %50, 8 %52 = icmp eq i8 %51, 0 br i1 %52, label %53, label %20 %21 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %17, i32 1) #70 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.197118, align 8 %7 = alloca %struct.nfs_removeres.197120, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %10 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %11 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.197100** %13 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %12, align 64 %14 = bitcast %struct.nfs_removeargs.197118* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 2 
%20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.197120* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 1 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.197118** store %struct.nfs_removeargs.197118* %6, %struct.nfs_removeargs.197118** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.197120** store %struct.nfs_removeres.197120* %7, %struct.nfs_removeres.197120** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* null, %struct.rpc_cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %39 = 
getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 0 %42 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 %43 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.197119* %37, %struct.nfs4_sequence_res.197119** %46, align 8 %47 = bitcast %struct.rpc_task_setup* %5 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* store i64 %36, i64* %50, align 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %54 = getelementptr inbounds %struct.nfs_client.197162, 
%struct.nfs_client.197162* %42, i64 0, i32 29 %55 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %54, align 8 %56 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %55, i64 0, i32 10 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = load i64, i64* %57, align 8 %59 = bitcast %struct.rpc_call_ops** %53 to i64* store i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %61 = bitcast i8** %60 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %62, align 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 0, i16* %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %64, align 2 %65 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void 
(%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 
()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void 
(%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= 
Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 _nfs4_proc_remove 4 nfs4_proc_rmdir ------------- Path:  Function:nfs4_proc_rmdir %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %7 %8 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %1, i32 2) #69 %32 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %33 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %32, i64 0, i32 30 %34 = bitcast i8** %33 to %struct.nfs_server.197100** %35 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %34, align 64 %36 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %35, i32 %8, %struct.nfs4_exception* nonnull %3) #69 %37 = load i8, i8* %6, align 8 %38 = and i8 %37, 8 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %7 %8 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %1, i32 2) #69 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.197118, align 8 %7 = alloca %struct.nfs_removeres.197120, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %10 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %11 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.197100** %13 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %12, align 64 %14 = bitcast %struct.nfs_removeargs.197118* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0 %16 = getelementptr inbounds 
%struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 2 %20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.197120* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 1 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.197118** store %struct.nfs_removeargs.197118* %6, %struct.nfs_removeargs.197118** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.197120** store %struct.nfs_removeres.197120* %7, %struct.nfs_removeres.197120** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* null, %struct.rpc_cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to 
i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 0 %42 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 %43 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.197119* %37, %struct.nfs4_sequence_res.197119** %46, align 8 %47 = bitcast %struct.rpc_task_setup* %5 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* store i64 %36, i64* %50, align 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, 
%struct.rpc_xprt** %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %54 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %42, i64 0, i32 29 %55 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %54, align 8 %56 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %55, i64 0, i32 10 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = load i64, i64* %57, align 8 %59 = bitcast %struct.rpc_call_ops** %53 to i64* store i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %61 = bitcast i8** %60 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %62, align 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 0, i16* %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %64, align 2 %65 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, 
align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_readlink ------------- Path:  Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.page.694*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca %struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = bitcast %struct.page.694** %7 to i8* %14 = bitcast %struct.nfs4_readlink* %8 to i8* %15 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %22 = bitcast %struct.nfs4_readlink_res* %9 to i8* %23 = bitcast %struct.rpc_message* %10 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_readlink** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %30 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %31 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %6 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %52 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %53 store %struct.page.694* %1, %struct.page.694** %7, align 8 store i64* %17, i64** %18, align 8 store i32 %2, i32* %19, align 8 store i32 %3, i32* %20, align 4 store %struct.page.694** %7, %struct.page.694*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 28), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %26, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 %54 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %61, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, 
align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %44, align 8 %63 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 %71 = ptrtoint %struct.rpc_task* %68 to i64 %72 = trunc i64 %71 to i32 br label %76 %77 = phi i32 [ %72, %70 ], [ %75, %73 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_readlink, %78)) #6 to label %100 [label %78], !srcloc !4 %101 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %102 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %101, i64 0, i32 30 %103 = bitcast i8** %102 to %struct.nfs_server.197100** %104 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %103, align 64 %105 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %104, i32 %77, 
%struct.nfs4_exception* nonnull %11) #70 %106 = load i8, i8* %52, align 8 %107 = and i8 %106, 8 %108 = icmp eq i8 %107, 0 br i1 %108, label %109, label %53 store %struct.page.694* %1, %struct.page.694** %7, align 8 store i64* %17, i64** %18, align 8 store i32 %2, i32* %19, align 8 store i32 %3, i32* %20, align 4 store %struct.page.694** %7, %struct.page.694*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 28), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %26, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 %54 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %61, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, 
%struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %44, align 8 %63 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = 
load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void 
(%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = 
alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr 
inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, 
%struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %69 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 36, i64 0 store i32* %69, i32** %16, align 8 br label %70 %71 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 3 %72 = bitcast %struct.rpc_clnt** %71 to i64* %73 = load i64, i64* %72, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %33, align 8 %74 = load i8, i8* %34, align 8 %75 = and i8 %74, -4 store i8 %75, i8* %34, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %35, align 8 %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 0 %77 = load %struct.nfs_client.197162*, 
%struct.nfs_client.197162** %76, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %37, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %38, align 8 store %struct.nfs4_sequence_res.197119* %32, %struct.nfs4_sequence_res.197119** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %73, i64* %43, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %44, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %45, align 8 %78 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %77, i64 0, i32 29 %79 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %78, align 8 %80 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %79, i64 0, i32 10 %81 = bitcast %struct.rpc_call_ops** %80 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %47, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 0, i16* %51, align 8 store i8 0, i8* %52, align 2 %83 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, 
align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 
()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void 
(%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 
(%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_lookupp ------------- Path:  Function:nfs4_proc_lookupp %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_server_caps_arg, align 8 %8 = alloca %struct.nfs4_lookup_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast %struct.nfs4_server_caps_arg* %7 to i8* %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 1 %16 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %17 = bitcast %struct.nfs_fh** %15 to i64** %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 2 %19 = bitcast %struct.nfs4_lookup_res* %8 to i8* %20 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0 %21 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 1 %22 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 2 %23 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 4 %25 = bitcast %struct.rpc_message* %9 to i8* %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_server_caps_arg** %29 = getelementptr inbounds %struct.rpc_message, 
%struct.rpc_message* %9, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_lookup_res** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %6 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, 
i64 0, i32 4 br label %53 %54 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store i64* %16, i64** %17, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 store i32* %61, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 %62 = load i8, i8* %33, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %64 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store 
%struct.nfs4_sequence_args.197117* %14, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %20, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %44, align 8 %66 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 29 %67 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %71 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 %74 = ptrtoint %struct.rpc_task* %71 to i64 %75 = trunc i64 %74 to i32 br label %79 %80 = phi i32 [ %75, %73 ], [ %78, %76 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookupp to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_lookupp, %81)) #6 to label %103 [label %81], !srcloc !4 %104 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %105 = getelementptr inbounds %struct.super_block.720, 
%struct.super_block.720* %104, i64 0, i32 30 %106 = bitcast i8** %105 to %struct.nfs_server.197100** %107 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %106, align 64 %108 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %107, i32 %80, %struct.nfs4_exception* nonnull %10) #70 %109 = load i8, i8* %52, align 8 %110 = and i8 %109, 8 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %53 %54 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store i64* %16, i64** %17, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 store i32* %61, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 %62 = load i8, i8* %33, align 8 %63 = and 
i8 %62, -4 store i8 %63, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %64 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %14, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %20, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %44, align 8 %66 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 29 %67 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %71 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, 
%struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_lookup_common 4 nfs4_proc_lookup ------------- Path:  Function:nfs4_proc_lookup %6 = alloca %struct.rpc_clnt*, align 8 %7 = bitcast %struct.rpc_clnt** %6 to i8* %8 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %9 = load %struct.super_block.720*, %struct.super_block.720** %8, align 8 %10 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %9, i64 0, i32 30 %11 = bitcast i8** %10 to %struct.nfs_server.197100** %12 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %11, align 64 %13 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 3 %14 = bitcast %struct.rpc_clnt** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = bitcast %struct.rpc_clnt** %6 to i64* store i64 %15, i64* %16, align 8 %17 = call fastcc i32 @nfs4_proc_lookup_common(%struct.rpc_clnt** nonnull %6, %struct.inode.733* %0, %struct.qstr* %1, %struct.nfs_fh* %2, %struct.nfs_fattr* %3, %struct.nfs4_label* %4) #69 Function:nfs4_proc_lookup_common %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_lookup_arg, align 8 %10 = alloca %struct.nfs4_lookup_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %15 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 8 %16 = bitcast %struct.nfs4_lookup_arg* 
%9 to i8* %17 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 1 %19 = getelementptr %struct.inode.733, %struct.inode.733* %1, i64 -1, i32 16, i32 1 %20 = bitcast %struct.nfs_fh** %18 to i64** %21 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 3 %23 = bitcast %struct.nfs4_lookup_res* %10 to i8* %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 1 %26 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 2 %27 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 4 %29 = bitcast %struct.rpc_message* %11 to i8* %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.nfs4_lookup_arg** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %34 = bitcast i8** %33 to %struct.nfs4_lookup_res** %35 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %36 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, 
%struct.nfs4_call_sync_data* %7, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %8 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 3 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %56 %57 = phi %struct.rpc_clnt* [ %14, %6 ], [ %181, %179 ] %58 = load %struct.super_block.720*, %struct.super_block.720** %15, align 8 %59 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %58, i64 0, i32 30 %60 = bitcast i8** %59 to %struct.nfs_server.197100** %61 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %60, align 64 store i64* %19, i64** %20, align 8 store %struct.qstr* %2, %struct.qstr** %21, align 8 %62 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %25, align 
8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %26, align 8 store %struct.nfs_fh* %3, %struct.nfs_fh** %27, align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %28, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 19), %struct.rpc_procinfo** %30, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %32, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %34, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %35, align 8 store i32* %62, i32** %22, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %4) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %36, align 8 %63 = load i8, i8* %37, align 8 %64 = and i8 %63, -4 store i8 %64, i8* %37, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 0 %66 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %65, align 8 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %40, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %41, align 8 store %struct.nfs4_sequence_res.197119* %24, %struct.nfs4_sequence_res.197119** %42, align 8 store %struct.rpc_task* null, %struct.rpc_task** %44, align 8 store %struct.rpc_clnt* %57, %struct.rpc_clnt** %45, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %46, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %47, align 8 %67 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %66, i64 0, i32 29 %68 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %68, i64 
0, i32 10 %70 = bitcast %struct.rpc_call_ops** %69 to i64* %71 = load i64, i64* %70, align 8 store i64 %71, i64* %49, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 %75 = ptrtoint %struct.rpc_task* %72 to i64 %76 = trunc i64 %75 to i32 br label %80 %81 = phi i32 [ %76, %74 ], [ %79, %77 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookup to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_lookup_common, %82)) #6 to label %104 [label %82], !srcloc !4 switch i32 %81, label %172 [ i32 -10041, label %190 i32 -10019, label %105 i32 -10016, label %160 ] %161 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %162 = icmp eq %struct.rpc_clnt* %57, %161 br i1 %162, label %163, label %190 %164 = call %struct.rpc_clnt* @nfs4_negotiate_security(%struct.rpc_clnt* %57, %struct.inode.733* %1, %struct.qstr* %2) #69 %165 = icmp ugt %struct.rpc_clnt* %164, inttoptr (i64 -4096 to %struct.rpc_clnt*) br i1 %165, label %166, label %169 %170 = load i8, i8* %55, align 8 %171 = or i8 %170, 8 store i8 %171, i8* %55, align 8 br label %179 %180 = phi i8 [ %178, %172 ], [ %171, %169 ] %181 = phi %struct.rpc_clnt* [ %57, %172 ], [ %164, %169 ] %182 = phi i32 [ %177, %172 ], [ -1, %169 ] %183 = and i8 %180, 8 %184 = icmp eq i8 %183, 0 br i1 %184, label %185, label %56 %57 = phi %struct.rpc_clnt* [ %14, %6 ], [ %181, %179 ] 
%58 = load %struct.super_block.720*, %struct.super_block.720** %15, align 8 %59 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %58, i64 0, i32 30 %60 = bitcast i8** %59 to %struct.nfs_server.197100** %61 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %60, align 64 store i64* %19, i64** %20, align 8 store %struct.qstr* %2, %struct.qstr** %21, align 8 %62 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %25, align 8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %26, align 8 store %struct.nfs_fh* %3, %struct.nfs_fh** %27, align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %28, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 19), %struct.rpc_procinfo** %30, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %32, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %34, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %35, align 8 store i32* %62, i32** %22, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %4) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %36, align 8 %63 = load i8, i8* %37, align 8 %64 = and i8 %63, -4 store i8 %64, i8* %37, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 0 %66 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %65, align 8 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %40, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %41, align 8 store %struct.nfs4_sequence_res.197119* %24, %struct.nfs4_sequence_res.197119** %42, 
align 8 store %struct.rpc_task* null, %struct.rpc_task** %44, align 8 store %struct.rpc_clnt* %57, %struct.rpc_clnt** %45, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %46, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %47, align 8 %67 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %66, i64 0, i32 29 %68 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %68, i64 0, i32 10 %70 = bitcast %struct.rpc_call_ops** %69 to i64* %71 = load i64, i64* %70, align 8 store i64 %71, i64* %49, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, 
i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, 
%12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** 
%16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = 
alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = bitcast [3 x i32]* %8 to i8* %15 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %20 = bitcast %struct.nfs4_getattr_res* %10 to i8* %21 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %25 = bitcast %struct.rpc_message* %11 to i8* %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_server_caps_arg** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_getattr_res** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %33 = bitcast i32* %32 to i8* %34 = icmp eq %struct.inode.733* %4, null %35 = getelementptr %struct.inode.733, %struct.inode.733* %4, i64 -1, i32 16 %36 = 
getelementptr inbounds %struct.anon.48, %struct.anon.48* %35, i64 9, i32 1 %37 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %38 = bitcast %struct.rpc_clnt** %37 to i64* %39 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %43 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %47 = bitcast %struct.rpc_task_setup* %7 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 3 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %54 = bitcast %struct.rpc_call_ops** %53 to i64* %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %56 = bitcast i8** %55 to %struct.nfs4_call_sync_data** %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %59 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %61 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %22, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 18), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %30, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 br i1 %34, label %81, label %62 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* nonnull %4, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %81, label %65 %66 = load volatile i64, i64* %36, align 8 %67 = and i64 %66, 64 %68 = icmp eq i64 %67, 0 %69 = select i1 %68, i64 0, i64 %66 %70 = and i64 %69, 2048 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %75 %73 = load i32, i32* %19, align 4 %74 = and i32 %73, -17 store i32 %74, i32* %19, align 4 br label %75 %76 = and i64 %69, 256 %77 = icmp eq i64 %76, 0 br i1 %77, label %78, label %81 %79 = load i32, i32* %19, align 4 %80 = and i32 %79, -9 store i32 %80, i32* %19, align 4 br label %81 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 %82 = load i64, i64* %38, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %39, align 8 %83 = load i8, i8* %40, align 8 %84 = and i8 %83, -4 store i8 %84, i8* %40, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %41, align 8 %85 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** 
%42, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %44, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %45, align 8 store %struct.nfs4_sequence_res.197119* %21, %struct.nfs4_sequence_res.197119** %46, align 8 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 store i64 %82, i64* %50, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %51, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %52, align 8 %86 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %85, i64 0, i32 29 %87 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %86, align 8 %88 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %87, i64 0, i32 10 %89 = bitcast %struct.rpc_call_ops** %88 to i64* %90 = load i64, i64* %89, align 8 store i64 %90, i64* %54, align 8 store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %56, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %57, align 8 store i16 0, i16* %58, align 8 store i8 0, i8* %59, align 2 %91 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void 
(%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, 
%struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void 
(%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, 
i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_execute 1 rpc_execute 2 rpc_run_task 3 nfs4_do_close 4 __nfs4_close 5 nfs4_close_sync 6 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 4 %4 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %3, align 8 %5 = icmp eq %struct.nfs4_state.197134* %4, null br i1 %5, label %12, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 5 %9 = load i32, i32* %8, align 8 br i1 %7, label %11, label %10 tail call void bitcast (void (%struct.nfs4_state.198680*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.197134*, i32)*)(%struct.nfs4_state.197134* nonnull %4, i32 %9) #69 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.198680* %0, i32 %1, i32 6291648, i32 1) #69 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #69 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] 
%21 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %99, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %100, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %101 = icmp eq i32 %64, 0 br i1 %101, label %102, label %122 %123 = tail call i32 bitcast (i32 (%struct.nfs4_state.197134*, i32, i32)* @nfs4_do_close to i32 (%struct.nfs4_state.198680*, i32, i32)*)(%struct.nfs4_state.198680* %0, i32 %2, i32 
%3) #69 Function:nfs4_do_close %4 = alloca %struct.rpc_message, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 4 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %7, i64 0, i32 8 %9 = load %struct.super_block.720*, %struct.super_block.720** %8, align 8 %10 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %9, i64 0, i32 30 %11 = bitcast i8** %10 to %struct.nfs_server.197100** %12 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %11, align 64 %13 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 3 %14 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %13, align 8 %15 = bitcast %struct.rpc_message* %4 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 8), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 1 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 2 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %14, i64 0, i32 4 %21 = bitcast %struct.rpc_cred** %20 to i64* %22 = bitcast i8** %17 to i8* %23 = load i64, i64* %21, align 8 %24 = bitcast %struct.rpc_cred** %19 to i64* store i64 %23, i64* %24, align 8 %25 = bitcast %struct.rpc_task_setup* %5 to i8* %26 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** 
%26, align 8 %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %28 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = load i64, i64* %29, align 8 %31 = bitcast %struct.rpc_clnt** %27 to i64* store i64 %30, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %32, align 8 %33 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %4, %struct.rpc_message** %33, align 8 %34 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 store %struct.rpc_call_ops* @nfs4_close_ops, %struct.rpc_call_ops** %34, align 8 %35 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 store i8* null, i8** %35, align 8 %36 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %37 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %38 = bitcast %struct.workqueue_struct** %36 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 1, i16* %39, align 8 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %40, align 2 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 0 %42 = or i32 %1, 32768 %43 = and i32 %1, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 10), align 16 %47 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 %42, i64 584) #69 br label %50 %51 
= phi i8* [ %49, %48 ], [ %47, %45 ] %52 = icmp eq i8* %51, null br i1 %52, label %122, label %53 %54 = getelementptr inbounds i8, i8* %51, i64 16 %55 = getelementptr inbounds i8, i8* %51, i64 96 %56 = bitcast i8* %54 to %struct.nfs4_slot.197116** store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %56, align 8 %57 = getelementptr inbounds i8, i8* %51, i64 24 %58 = load i8, i8* %57, align 8 %59 = and i8 %58, -4 %60 = or i8 %59, 1 store i8 %60, i8* %57, align 8 %61 = bitcast i8* %55 to %struct.nfs4_slot.197116** store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %61, align 8 %62 = bitcast %struct.inode.733** %6 to i64* %63 = load i64, i64* %62, align 8 %64 = bitcast i8* %51 to %struct.inode.733** %65 = bitcast i8* %51 to i64* store i64 %63, i64* %65, align 8 %66 = getelementptr inbounds i8, i8* %51, i64 8 %67 = bitcast i8* %66 to %struct.nfs4_state.197134** store %struct.nfs4_state.197134* %0, %struct.nfs4_state.197134** %67, align 8 %68 = inttoptr i64 %63 to %struct.inode.733* %69 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 -1, i32 16, i32 1 %70 = getelementptr inbounds i8, i8* %51, i64 32 %71 = bitcast i8* %70 to i64** store i64* %69, i64** %71, align 8 %72 = getelementptr inbounds i8, i8* %51, i64 40 %73 = bitcast i8* %72 to %struct.nfs4_stateid_struct* %74 = call zeroext i1 bitcast (i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_state.198680*)* @nfs4_copy_open_stateid to i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_state.197134*)*)(%struct.nfs4_stateid_struct* %73, %struct.nfs4_state.197134* %0) #69 br i1 %74, label %75, label %121 %76 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 %77 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %76, i64 0, i32 29 %78 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %77, align 8 %79 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, 
%struct.nfs4_minor_version_ops.197171* %78, i64 0, i32 8 %80 = load %struct.nfs_seqid* (%struct.nfs_seqid_counter*, i32)*, %struct.nfs_seqid* (%struct.nfs_seqid_counter*, i32)** %79, align 8 %81 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %13, align 8 %82 = getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %81, i64 0, i32 9 %83 = call %struct.nfs_seqid* %80(%struct.nfs_seqid_counter* %82, i32 %1) #69 %84 = getelementptr inbounds i8, i8* %51, i64 64 %85 = bitcast i8* %84 to %struct.nfs_seqid** store %struct.nfs_seqid* %83, %struct.nfs_seqid** %85, align 8 %86 = icmp ugt %struct.nfs_seqid* %83, inttoptr (i64 -4096 to %struct.nfs_seqid*) br i1 %86, label %121, label %87 %88 = getelementptr inbounds i8, i8* %51, i64 360 %89 = bitcast i8* %88 to %struct.nfs_fattr* call void @nfs_fattr_init(%struct.nfs_fattr* %89) #69 %90 = getelementptr inbounds i8, i8* %51, i64 72 %91 = bitcast i8* %90 to i32* store i32 0, i32* %91, align 8 %92 = getelementptr inbounds i8, i8* %51, i64 336 %93 = getelementptr inbounds i8, i8* %51, i64 272 %94 = bitcast i8* %93 to i8** store i8* %92, i8** %94, align 8 %95 = getelementptr inbounds i8, i8* %51, i64 152 %96 = bitcast i8* %95 to i8** store i8* %88, i8** %96, align 8 %97 = bitcast i8* %84 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds i8, i8* %51, i64 160 %100 = bitcast i8* %99 to i64* store i64 %98, i64* %100, align 8 %101 = getelementptr inbounds i8, i8* %51, i64 168 %102 = bitcast i8* %101 to %struct.nfs_server.197100** store %struct.nfs_server.197100* %12, %struct.nfs_server.197100** %102, align 8 %103 = getelementptr inbounds i8, i8* %51, i64 184 %104 = bitcast i8* %103 to i32* store i32 -10060, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %51, i64 356 store i8 0, i8* %105, align 4 %106 = load %struct.inode.733*, %struct.inode.733** %64, align 8 %107 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %106, i64 0, i32 8 
%108 = load %struct.super_block.720*, %struct.super_block.720** %107, align 8 %109 = call zeroext i1 bitcast (i1 (%struct.super_block.181391*)* @nfs_sb_active to i1 (%struct.super_block.720*)*)(%struct.super_block.720* %108) #69 store i8* %54, i8** %17, align 8 store i8* %55, i8** %18, align 8 store i8* %51, i8** %35, align 8 %110 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 %3 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 1 %4 = load %struct.rpc_clnt*, %struct.rpc_clnt** %3, align 8 %5 = icmp eq %struct.rpc_clnt* %4, null br i1 %5, label %53, label %6 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 3 %55 = load %struct.rpc_message*, %struct.rpc_message** %54, align 8 %56 = icmp eq %struct.rpc_message* %55, null br i1 %56, label %78, label %57 %79 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 4 %80 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %79, align 8 %81 = icmp eq void (%struct.rpc_task*)* %80, null br i1 %81, label %82, label %83 store void (%struct.rpc_task*)* @call_start, void (%struct.rpc_task*)** %79, align 8 br label %83 %84 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %84, i32* %84) #6, !srcloc !4 tail call void @rpc_execute(%struct.rpc_task* %2) #69 Function:rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @rpc_task_set_debuginfo.rpc_pid, i64 0, i32 0)) #6, !srcloc !4 %7 = trunc i32 %6 to i16 %8 = add i16 %7, 1 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 20 store i16 %8, i16* %9, align 8 %10 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %11 = bitcast i64* %10 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 4, i8* %11) #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@rpc_execute, %12)) #6 to label %34 [label %12], !srcloc !6 %35 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %10, i64 0, i64* %10) #6, !srcloc !11 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %11, i8 -3, i8* %11) #6, !srcloc !12 br i1 %38, label %39, label %56 br i1 %5, label %57, label %58 tail call fastcc void @__rpc_execute(%struct.rpc_task* %0) #70 Function:__rpc_execute %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 4 %4 = and i16 %3, 1 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %10, label %9, !prof !4, !misexpect !5 %11 = load volatile i64, i64* %5, align 8 %12 = and i64 %11, 2 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %144 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 4 %16 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 3 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 7 %18 = bitcast i64* %5 to i8* %19 = icmp eq i16 %4, 0 %20 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 br label %21 %22 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %15, align 8 %23 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %16, align 8 %24 = icmp eq void (%struct.rpc_task*)* %23, null br i1 %24, label %26, label %25 store void (%struct.rpc_task*)* null, void (%struct.rpc_task*)** %16, align 8 br label %28 %29 = phi void (%struct.rpc_task*)* [ %23, %25 ], [ %22, %26 ] %30 = bitcast void (%struct.rpc_task*)* %29 to i8* callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, 
%struct.tracepoint_func* }* @__tracepoint_rpc_task_run_action, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__rpc_execute, %31)) #6 to label %53 [label %31], !srcloc !8 tail call void %29(%struct.rpc_task* %0) #69 %54 = load volatile i64, i64* %5, align 8 %55 = and i64 %54, 2 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 %59 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %17, align 8 %60 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %59, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %60) #69 %61 = load volatile i64, i64* %5, align 8 %62 = and i64 %61, 2 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %65 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %18, i8 -2, i8* %18) #6, !srcloc !13 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %60) #69 br i1 %19, label %66, label %144 %67 = tail call i32 @out_of_line_wait_on_bit(i8* %18, i32 1, i32 (%struct.sigaltstack*, i32)* nonnull @rpc_wait_bit_killable, i32 258) #69 ------------- Good: 133 Bad: 15 Ignored: 75 Check Use of Function:register_netdevice Check Use of Function:proc_sys_revalidate Check Use of Function:ext4_reserve_inode_write Check Use of Function:xt_compat_flush_offsets Check Use of Function:kernfs_iop_lookup Check Use of Function:filename_lookup Check Use of Function:perf_install_in_context Check Use of Function:cpus_read_lock Use: =BAD PATH= Call Stack: 0 kmem_cache_shrink 1 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %8 %7 = tail call i32 @kmem_cache_shrink(%struct.kmem_cache* %0) #69 Function:kmem_cache_shrink tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 
__ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %121, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %121 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %75 i32 16, label %78 i32 32, label %98 i32 64, label %101 ] %99 = tail call fastcc i32 @membarrier_private_expedited(i32 1) #69 Function:membarrier_private_expedited %2 = alloca [1 x %struct.cpumask], align 8 %3 = bitcast [1 x %struct.cpumask]* %2 to i8* %4 = and i32 %0, 1 %5 = icmp eq i32 %4, 0 %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 32 %8 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %7, align 32 %9 = getelementptr inbounds %struct.mm_struct.50224, %struct.mm_struct.50224* %8, i64 0, i32 0, i32 45, i32 0 %10 = load volatile i32, i32* %9, align 4 br i1 %5, label %14, label %11 %12 = and i32 %10, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %52, label %17 %18 = tail call fastcc i32 @cpumask_weight.6403() #69 %19 = icmp eq i32 %18, 1 br i1 %19, label %52, label %20 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %21 = getelementptr inbounds [1 x %struct.cpumask], [1 x 
%struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %21, align 8 tail call void @cpus_read_lock() #70 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %121, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %121 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %75 i32 16, label %78 i32 32, label %98 i32 64, label %101 ] %99 = tail call fastcc i32 @membarrier_private_expedited(i32 1) #69 Function:membarrier_private_expedited %2 = alloca [1 x %struct.cpumask], align 8 %3 = bitcast [1 x %struct.cpumask]* %2 to i8* %4 = and i32 %0, 1 %5 = icmp eq i32 %4, 0 %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 32 %8 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %7, align 32 %9 = getelementptr inbounds %struct.mm_struct.50224, %struct.mm_struct.50224* %8, i64 0, i32 0, i32 45, i32 0 %10 = load volatile i32, i32* %9, align 4 br i1 %5, label %14, label %11 %12 = and i32 %10, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %52, label %17 %18 = tail call fastcc i32 @cpumask_weight.6403() #69 %19 = icmp eq i32 %18, 1 br i1 %19, label %52, label %20 tail call void asm sideeffect 
"lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %21 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %21, align 8 tail call void @cpus_read_lock() #70 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %121, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %121 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %75 i32 16, label %78 i32 32, label %98 i32 64, label %101 ] %14 = bitcast [1 x %struct.cpumask]* %3 to i8* %15 = tail call fastcc i32 @cpumask_weight.6403() #69 %16 = icmp eq i32 %15, 1 br i1 %16, label %53, label %17 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5) #69 
Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %121, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %121 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %75 i32 16, label %78 i32 32, label %98 i32 64, label %101 ] %14 = bitcast [1 x %struct.cpumask]* %3 to i8* %15 = tail call fastcc i32 @cpumask_weight.6403() #69 %16 = icmp eq i32 %15, 1 br i1 %16, label %53, label %17 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device.45493, %struct.device.45493* %0, i64 -1, i32 38 %6 = bitcast i8* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device.45493, %struct.device.45493* %0, i64 -1, i32 38 %6 = bitcast i8* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device.45493, %struct.device.45493* %0, i64 -1, i32 38 %7 = bitcast i8* %6 to %struct.workqueue_struct** %8 = load %struct.workqueue_struct*, %struct.workqueue_struct** %7, align 8 %9 = bitcast i32* %5 to i8* tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 workqueue_set_unbound_cpumask 1 
wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %9 = tail call i8* @strchr(i8* %2, i32 10) #69 %10 = icmp eq i8* %9, null br i1 %10, label %16, label %11 %12 = ptrtoint i8* %9 to i64 %13 = ptrtoint i8* %2 to i64 %14 = sub i64 %12, %13 %15 = and i64 %14, 4294967295 br label %18 %19 = phi i64 [ %15, %11 ], [ %17, %16 ] %20 = trunc i64 %19 to i32 %21 = call i32 @__bitmap_parse(i8* %2, i32 %20, i32 0, i64* nonnull %7, i32 64) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 %24 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %8) #70 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %70, label %8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_del 2 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 
%11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %13, label %10 %14 = lshr i64 %1, 12 %15 = lshr i64 %2, 12 %16 = tail call i32 @mtrr_del_page(i32 %0, i64 %14, i64 %15) #70 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %65, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 microcode_write ------------- Path:  Function:microcode_write %5 = alloca i32, align 4 %6 = lshr i64 %2, 12 %7 = load i64, i64* @totalram_pages, align 8 %8 = icmp ugt i64 %6, %7 br i1 %8, label %9, label %11 tail call void @cpus_read_lock() #70 ------------- Use: =BAD PATH= Call Stack: 0 reload_store ------------- Path:  Function:reload_store %5 = alloca i64, align 8 %6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 28), align 8 %7 = zext i16 %6 to i32 %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i64, i64* %5, align 8 %15 = icmp eq i64 %14, 1 br i1 %15, label %16, label %51 call void @cpus_read_lock() #69 ------------- Good: 492 Bad: 12 Ignored: 319 Check Use of Function:ext4_mark_iloc_dirty Check Use of Function:xt_table_unlock Check Use of 
Function:ext4_expand_extra_isize Check Use of Function:kernel_restart Check Use of Function:jbd2_journal_force_commit_nested Check Use of Function:mtrr_add_page Check Use of Function:svc_add_new_perm_xprt Check Use of Function:mq_find Check Use of Function:xt_compat_match_to_user Check Use of Function:mmc_ioctl_cdrom_pause_resume Check Use of Function:xt_compat_init_offsets Check Use of Function:get_mm_exe_file Check Use of Function:xt_compat_match_offset Check Use of Function:alloc_file_clone Check Use of Function:vfs_path_lookup Check Use of Function:exportfs_decode_fh Check Use of Function:xt_find_table_lock Check Use of Function:bind_rdev_to_array Check Use of Function:security_inode_getsecurity Check Use of Function:scsi_autopm_put_host Check Use of Function:__dquot_transfer Check Use of Function:vfat_rename Check Use of Function:pin_kill Check Use of Function:ext4_unlink Check Use of Function:kcalloc.55943 Use: =BAD PATH= Call Stack: 0 xps_rxqs_show ------------- Path:  Function:xps_rxqs_show %3 = getelementptr inbounds %struct.netdev_queue.597612, %struct.netdev_queue.597612* %0, i64 0, i32 0 %4 = load %struct.net_device.597678*, %struct.net_device.597678** %3, align 64 %5 = getelementptr inbounds %struct.net_device.597678, %struct.net_device.597678* %4, i64 0, i32 86 %6 = bitcast %struct.netdev_queue.597612** %5 to i64* %7 = load i64, i64* %6, align 64 %8 = ptrtoint %struct.netdev_queue.597612* %0 to i64 %9 = sub i64 %8, %7 %10 = sdiv exact i64 %9, 320 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.net_device.597678, %struct.net_device.597678* %4, i64 0, i32 87 %13 = load i32, i32* %12, align 8 %14 = icmp ugt i32 %13, %11 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = tail call i32 @rtnl_trylock() #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %22 %23 = getelementptr inbounds %struct.net_device.597678, %struct.net_device.597678* %4, i64 0, i32 115 %24 = load i16, i16* %23, align 2 %25 = icmp eq i16 %24, 0 br i1 
%25, label %30, label %26 %31 = phi i32 [ %28, %26 ], [ 0, %22 ] %32 = phi i32 [ %27, %26 ], [ 1, %22 ] %33 = getelementptr inbounds %struct.net_device.597678, %struct.net_device.597678* %4, i64 0, i32 73 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = add nuw nsw i64 %35, 63 %37 = lshr i64 %36, 6 %38 = tail call fastcc i8* @kcalloc.55943(i64 %37) #70 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:xt_alloc_table_info Check Use of Function:mtrr_del_page Use: =BAD PATH= Call Stack: 0 mtrr_del 1 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %13, label %10 %14 = lshr i64 %1, 12 %15 = lshr i64 %2, 12 %16 = tail call i32 @mtrr_del_page(i32 %0, i64 %14, i64 %15) #70 ------------- Good: 9 Bad: 1 Ignored: 4 Check Use of Function:__rseq_handle_notify_resume Check Use of Function:sr_get_last_session Check Use of Function:sem_lock Check Use of Function:ipc_rcu_putref Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  
Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* 
%32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = 
icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 
br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, 
%struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 %186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 %191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* 
nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 
%25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = 
or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, 
i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to 
%struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 %186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 
%191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_compat_sys_semtimedop ------------- Path:  Function:__ia32_compat_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, 
%struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, 
i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof 
!6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 %186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* 
%186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 %191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %30 = and i64 %17, 4294967295 %31 = 
inttoptr i64 %15 to %struct.orc_entry* %32 = inttoptr i64 %30 to %struct.util_est* %33 = tail call i64 @compat_ksys_semtimedop(i32 %19, %struct.orc_entry* %31, i32 %20, %struct.util_est* %32) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.48, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.48* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 
%36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 
= getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, 
i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 
@ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 %186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 %191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  
Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp 
ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, 
%struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 
call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 
to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 %186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 %191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds 
%struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = 
select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi 
%struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %175 = getelementptr %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %175) #69 %176 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 12 %177 = bitcast %struct.callback_head* %176 to i32* %178 = load i32, i32* %177, align 64 %179 = icmp eq i32 %178, 0 store i32 10, i32* %177, align 64 br i1 %179, label %180, label %192 %181 = load i32, i32* %163, align 8 %182 = icmp sgt i32 %181, 0 br i1 %182, label %183, label %192 %184 = phi i64 [ %188, %183 ], [ 0, %180 ] %185 = getelementptr %struct.sem_array, %struct.sem_array* %156, i64 0, i32 9, i64 %184, i32 2 
%186 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %185, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %186) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %187 = bitcast %struct.spinlock* %185 to i8* store volatile i8 0, i8* %187, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %188 = add nuw nsw i64 %184, 1 %189 = load i32, i32* %163, align 8 %190 = sext i32 %189 to i64 %191 = icmp slt i64 %188, %190 br i1 %191, label %183, label %192 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds 
%struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 
0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* 
%103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* 
%7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 
%44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, 
%116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 
i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_compat_sys_semtimedop ------------- Path:  Function:__ia32_compat_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr 
inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 
%67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi 
%struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load 
i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %30 = and i64 %17, 4294967295 %31 = inttoptr i64 %15 to %struct.orc_entry* %32 = inttoptr i64 %30 to %struct.util_est* %33 = tail call i64 @compat_ksys_semtimedop(i32 %19, %struct.orc_entry* %31, i32 %20, %struct.util_est* %32) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.48, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.48* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 
%14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = 
icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label 
%106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 
%12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, 
%struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to 
%struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 
%165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 
%13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and 
i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast 
%struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* 
store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %154 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %155 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %154, i32 %0) #69 %156 = bitcast %struct.kern_ipc_perm* %155 to %struct.sem_array* %157 = bitcast %struct.kern_ipc_perm* %155 to i8* %158 = icmp ugt %struct.kern_ipc_perm* %155, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %158, label %159, label %161 %162 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %155, i64 1, i32 11 %163 = bitcast %struct.rhash_head* %162 to i32* %164 = load i32, i32* %163, align 8 %165 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %155) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br i1 %165, label %166, label %369 %167 = sext i32 %164 to i64 %168 = shl nsw i64 %167, 1 %169 = add nsw i64 %168, 72 %170 = call noalias align 8 i8* @__kmalloc(i64 %169, i32 6324416) #69 %171 = bitcast i8* %170 to %struct.sem_undo* %172 = icmp eq i8* %170, null br i1 %172, label %173, label %174 call void @ipc_rcu_putref(%struct.kern_ipc_perm* %155, void (%struct.callback_head*)* nonnull @sem_rcu_free) #69 ------------- Good: 17 Bad: 20 Ignored: 15 Check Use of Function:sr_block_ioctl Check Use of Function:drop_collected_mounts Use: =BAD PATH= Call Stack: 0 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.127974, %struct.ns_common.127974* %0, i64 -1, i32 2 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = 
icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = getelementptr inbounds i32, i32* %2, i64 8 %8 = bitcast i32* %7 to %struct.mount.127946** %9 = load %struct.mount.127946*, %struct.mount.127946** %8, align 8 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %9, i64 0, i32 3 tail call void @drop_collected_mounts(%struct.vfsmount.128217* %10) #69 ------------- Good: 13 Bad: 1 Ignored: 9 Check Use of Function:dev_set_alias Check Use of Function:do_truncate Check Use of Function:svc_write_space Check Use of Function:find_task_by_vpid Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = ashr i32 %6, 13 %8 = and i32 %6, 8191 switch i32 %7, label %237 [ i32 1, label %9 i32 2, label %11 i32 3, label %15 i32 0, label %13 ] %14 = icmp eq i32 %8, 0 br i1 %14, label %15, label %237 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %235 [ i32 1, label %16 i32 2, label %54 i32 3, label %141 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %18, label %20 %21 = tail call %struct.task_struct.251506* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.251506* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __x64_sys_ioprio_set ------------- Path:  
Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = ashr i32 %6, 13 %8 = and i32 %6, 8191 switch i32 %7, label %237 [ i32 1, label %9 i32 2, label %11 i32 3, label %15 i32 0, label %13 ] %14 = icmp eq i32 %8, 0 br i1 %14, label %15, label %237 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %235 [ i32 1, label %16 i32 2, label %54 i32 3, label %141 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %18, label %20 %21 = tail call %struct.task_struct.251506* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.251506* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __ia32_sys_ioprio_get ------------- Path:  Function:__ia32_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %4, i64 %7) #69 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %223 [ i32 1, label %5 i32 2, label %30 i32 3, label %124 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %9 %10 = tail call %struct.task_struct.251506* bitcast (%struct.task_struct.46154* 
(i32)* @find_task_by_vpid to %struct.task_struct.251506* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __x64_sys_ioprio_get ------------- Path:  Function:__x64_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %3, i64 %5) #69 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %223 [ i32 1, label %5 i32 2, label %30 i32 3, label %124 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %9 %10 = tail call %struct.task_struct.251506* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.251506* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __ia32_compat_sys_move_pages ------------- Path:  Function:__ia32_compat_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %9 to i32* %21 
= inttoptr i64 %12 to i32* %22 = inttoptr i64 %15 to i32* %23 = trunc i64 %17 to i32 %24 = shl nuw nsw i64 %6, 3 %25 = tail call i8* @compat_alloc_user_space(i64 %24) #69 %26 = bitcast i8* %25 to i8** %27 = icmp eq i32 %19, 0 br i1 %27, label %51, label %30 %31 = phi i32 [ %50, %28 ], [ 0, %1 ] %33 = sext i32 %31 to i64 %34 = getelementptr i32, i32* %20, i64 %33 %35 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %32) #6, !srcloc !4 %36 = extractvalue { i32*, i64, i64 } %35, 0 %37 = extractvalue { i32*, i64, i64 } %35, 2 %38 = ptrtoint i32* %36 to i64 %39 = and i64 %38, 4294967295 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %54, !prof !5, !misexpect !6 %42 = extractvalue { i32*, i64, i64 } %35, 1 %43 = and i64 %42, 4294967295 %44 = inttoptr i64 %43 to i8* %45 = getelementptr i8*, i8** %26, i64 %33 %46 = tail call i8* asm sideeffect "call __put_user_8", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i8* %44, i8** %45) #6, !srcloc !7 %47 = ptrtoint i8* %46 to i64 %48 = and i64 %47, 4294967295 %49 = icmp eq i64 %48, 0 %50 = add nuw i32 %31, 1 br i1 %49, label %28, label %54, !prof !5, !misexpect !6 %29 = icmp eq i32 %50, %19 br i1 %29, label %51, label %30 %52 = tail call fastcc i32 @kernel_move_pages(i32 %18, i64 %6, i8** %26, i32* %21, i32* %22, i32 %23) #69 Function:kernel_move_pages %7 = alloca i32, align 4 %8 = alloca [16 x i8*], align 16 %9 = alloca [16 x i32], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.cpumask, align 8 %12 = alloca %struct.list_head, align 8 %13 = and i32 %5, -7 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %414 %16 = and i32 %5, 4 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = icmp eq i32 %0, 0 br i1 %21, label %24, label %22 %23 = tail call %struct.task_struct* bitcast (%struct.task_struct.46154* (i32)* 
@find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %9 to i8** %20 = inttoptr i64 %12 to i32* %21 = inttoptr i64 %15 to i32* %22 = trunc i64 %17 to i32 %23 = tail call fastcc i32 @kernel_move_pages(i32 %18, i64 %6, i8** %19, i32* %20, i32* %21, i32 %22) #69 Function:kernel_move_pages %7 = alloca i32, align 4 %8 = alloca [16 x i8*], align 16 %9 = alloca [16 x i32], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.cpumask, align 8 %12 = alloca %struct.list_head, align 8 %13 = and i32 %5, -7 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %414 %16 = and i32 %5, 4 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = icmp eq i32 %0, 0 br i1 %21, label %24, label %22 %23 = tail call %struct.task_struct* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __x64_sys_move_pages 
------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i8*** %8 = load i8**, i8*** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = bitcast i64* %12 to i32** %14 = load i32*, i32** %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %16 to i32 %19 = tail call fastcc i32 @kernel_move_pages(i32 %17, i64 %5, i8** %8, i32* %11, i32* %14, i32 %18) #69 Function:kernel_move_pages %7 = alloca i32, align 4 %8 = alloca [16 x i8*], align 16 %9 = alloca [16 x i32], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.cpumask, align 8 %12 = alloca %struct.list_head, align 8 %13 = and i32 %5, -7 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %414 %16 = and i32 %5, 4 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = icmp eq i32 %0, 0 br i1 %21, label %24, label %22 %23 = tail call %struct.task_struct* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_get_robust_list ------------- Path:  Function:__x64_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to 
%struct.robust_list_head*** %6 = load %struct.robust_list_head**, %struct.robust_list_head*** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i64** %9 = load i64*, i64** %8, align 8 %10 = trunc i64 %3 to i32 %11 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %11, label %12, label %35 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = icmp eq i32 %10, 0 br i1 %13, label %14, label %16 %17 = tail call %struct.task_struct.78089* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.78089* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_get_robust_list ------------- Path:  Function:__ia32_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to %struct.robust_list_head** %12 = inttoptr i64 %9 to i64* %13 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %13, label %14, label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %10, 0 br i1 %15, label %16, label %18 %19 = tail call %struct.task_struct.78089* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.78089* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_robust_list ------------- Path:  Function:__ia32_compat_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i32* %12 = inttoptr i64 %9 to i32* %13 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %13, label %14, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %10, 0 br i1 %15, label %16, label %18 %19 = tail call %struct.task_struct.78089* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.78089* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.kuid_t* %3 to i8* %10 = icmp eq i64 %7, 0 %11 = icmp slt i32 %8, 0 %12 = or i1 %11, %10 br i1 %12, label %39, label %13 %14 = inttoptr i64 %7 to i8* %15 = call i64 @_copy_from_user(i8* nonnull %9, i8* %14, i64 4) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %39 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = icmp eq i32 %8, 0 br i1 %18, label %21, label %19 %20 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp 
slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kuid_t* %2 to i8* %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = icmp eq i64 %6, 0 %11 = icmp slt i32 %7, 0 %12 = or i1 %11, %10 br i1 %12, label %41, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = icmp eq i32 %7, 0 br i1 %14, label %17, label %15 %16 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getparam 
------------- Path:  Function:__ia32_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kuid_t* %2 to i8* %10 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = icmp eq i64 %7, 0 %12 = icmp slt i32 %8, 0 %13 = or i1 %12, %11 br i1 %13, label %42, label %14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %8, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 br i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 
@_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 br i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, label %14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 %32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 
%37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 %61 = extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 
------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, label %14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 
%32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 %37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 %61 = extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast 
(%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.sched_attr* %5 to i8* %8 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %5, i64 0, i32 0 store i32 48, i32* %8, align 8 %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %2 to i32 %14 = trunc i64 %3 to i32 %15 = add i32 %13, -48 %16 = icmp ugt i32 %15, 4048 %17 = icmp ne i32 %14, 0 %18 = or i1 %16, %17 br i1 %18, label %76, label %19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = icmp eq i32 %6, 0 br i1 %20, label %23, label %21 %22 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, 
align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.sched_attr* %5 to i8* %8 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %5, i64 0, i32 0 store i32 48, i32* %8, align 8 %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %2 to i32 %14 = trunc i64 %3 to i32 %15 = add i32 %13, -48 %16 = icmp ugt i32 %15, 4048 %17 = icmp ne i32 %14, 0 %18 = or i1 %16, %17 br i1 %18, label %76, label %19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = icmp eq i32 %6, 0 br i1 %20, label %23, label %21 %22 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kuid_t* %3 to i8* %11 = icmp eq i64 %8, 0 %12 = icmp slt i32 %9, 0 %13 = or i1 %12, %11 br i1 %13, label %40, label %14 %15 = inttoptr i64 %8 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp 
eq i64 %16, 0 br i1 %17, label %18, label %40 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %9, 0 br i1 %19, label %22, label %20 %21 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i32* %13 = bitcast [1 x %struct.cpumask]* %2 to i8* %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %20 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 %18 = shl i64 %6, 3 %19 = and i64 %18, 4294967288 br label %20 %21 = phi i64 [ %19, %16 ], [ 64, %1 ] %22 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %23 = call i64 @compat_get_bitmap(i64* nonnull %22, i32* %12, i64 %21) #69 %24 = trunc i64 %23 to i32 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %28 %27 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to 
%struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = shl i32 %10, 3 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp uge i32 %13, %14 %16 = and i32 %10, 3 %17 = icmp eq i32 %16, 0 %18 = and i1 %17, %15 br i1 %18, label %19, label %77 %20 = trunc i64 %4 to i32 %21 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %22 = call i64 @sched_getaffinity(i32 %20, %struct.cpumask* nonnull %21) #69 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x 
%struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_compat_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_compat_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.48* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.48* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.anon.48** %7 = load %struct.anon.48*, %struct.anon.48** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.48* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_prlimit64 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.anon.48* %5 to i8* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = bitcast %struct.anon.48* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = 
inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %114 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_prlimit64 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.anon.48* %5 to i8* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = 
bitcast %struct.anon.48* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %114 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getsid ------------- Path:  Function:__ia32_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getpgid ------------- Path:  Function:__ia32_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getsid ------------- Path:  Function:__x64_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getpgid ------------- Path:  Function:__x64_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = 
inttoptr i64 %11 to %struct.compat_siginfo* %13 = bitcast %struct.siginfo* %2 to i8* %14 = call i32 @copy_siginfo_from_user32(%struct.siginfo* nonnull %2, %struct.compat_siginfo* %12) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %22 %17 = trunc i64 %8 to i32 %18 = trunc i64 %6 to i32 %19 = trunc i64 %4 to i32 %20 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %19, i32 %18, i32 %17, %struct.siginfo* nonnull %2) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 br i1 %7, label %36, label %8 %9 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %2, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = alloca %struct.siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = bitcast %struct.siginfo* %2 to i8* %13 = inttoptr i64 %11 to i8* %14 = call i64 @_copy_from_user(i8* nonnull %12, i8* %13, i64 128) #69 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %22 
%17 = trunc i64 %8 to i32 %18 = trunc i64 %6 to i32 %19 = trunc i64 %4 to i32 %20 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %19, i32 %18, i32 %17, %struct.siginfo* nonnull %2) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 br i1 %7, label %36, label %8 %9 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %2, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = alloca %struct.siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = bitcast %struct.siginfo* %2 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %12, i8* %11, i64 128) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %21 %16 = trunc i64 %8 to i32 %17 = trunc i64 %6 to i32 %18 = trunc i64 %4 to i32 %19 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %18, i32 %17, i32 %16, %struct.siginfo* nonnull %2) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 
br i1 %7, label %36, label %8 %9 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %2, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 %30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = 
shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 %35 = bitcast i8* %34 to i64* %36 = lshr i64 %20, 6 %37 = getelementptr i64, i64* %35, i64 %36 %38 = select i1 %30, i64* null, i64* %37 %39 = call i64 @_copy_to_user(i8* %34, i8* nonnull %15, i64 %22) #69 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %64 %42 = phi i64* [ %38, %29 ], [ null, %1 ] %43 = phi i64* [ %35, %29 ], [ null, %1 ] %44 = icmp eq i64 %12, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %47 = call i64 @compat_get_bitmap(i64* nonnull %46, i32* nonnull %14, i64 %19) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %64 %50 = icmp eq i64* %42, null br i1 %50, label %51, label %54 %52 = call i8* @compat_alloc_user_space(i64 %22) #69 %53 = bitcast i8* %52 to i64* br label %54 %55 = phi i64* [ %53, %51 ], [ %42, %49 ] %56 = bitcast i64* %55 to i8* %57 = call i64 @_copy_to_user(i8* %56, i8* nonnull %15, i64 %22) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %59, label %64 %60 = phi i64* [ %55, %54 ], [ %42, %41 ] %61 = add nuw nsw i64 %19, 1 %62 = call fastcc i32 @kernel_migrate_pages(i32 %13, i64 %61, i64* %43, i64* %60) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %67 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.39605* bitcast 
(%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __ia32_sys_migrate_pages ------------- Path:  Function:__ia32_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %9 to i64* %15 = inttoptr i64 %12 to i64* %16 = tail call fastcc i32 @kernel_migrate_pages(i32 %13, i64 %6, i64* %14, i64* %15) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %67 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __x64_sys_migrate_pages ------------- Path:  Function:__x64_sys_migrate_pages %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i64** %8 = load i64*, i64** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i64** %11 = load i64*, i64** %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i32 @kernel_migrate_pages(i32 %12, i64 %5, i64* %8, i64* %11) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %67 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %12, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = tail call fastcc i32 @do_tkill(i32 0, i32 
%4, i32 %9) #69 Function:do_tkill %4 = alloca %struct.siginfo, align 8 %5 = bitcast %struct.siginfo* %4 to i8* %6 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %9, i32 1, %struct.pid_namespace.39324* null) #69 %11 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %9, i64 0, i32 78 %13 = load %struct.cred.39299*, %struct.cred.39299** %12, align 16 %14 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %12, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = tail call fastcc i32 @do_tkill(i32 0, i32 %4, i32 %9) #69 Function:do_tkill %4 = alloca %struct.siginfo, align 8 %5 = bitcast %struct.siginfo* %4 to i8* %6 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %9, i32 1, %struct.pid_namespace.39324* null) #69 %11 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %9, i64 0, i32 78 %13 = load %struct.cred.39299*, %struct.cred.39299** %12, align 16 %14 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp slt i32 %7, 1 %9 = icmp slt i32 %6, 1 %10 = or i1 %9, %8 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %13 to i32 %15 = tail call fastcc i32 @do_tkill(i32 %6, i32 %7, i32 %14) #69 Function:do_tkill %4 = alloca %struct.siginfo, align 8 %5 = bitcast %struct.siginfo* %4 to i8* %6 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %9, i32 1, %struct.pid_namespace.39324* null) #69 %11 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %9, i64 0, i32 78 %13 = load %struct.cred.39299*, %struct.cred.39299** %12, align 16 %14 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp slt i32 %7, 1 %9 = icmp slt i32 %6, 1 %10 = or i1 %9, %8 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %13 to i32 %15 = tail call fastcc i32 @do_tkill(i32 %6, i32 %7, i32 %14) #69 Function:do_tkill %4 = alloca %struct.siginfo, align 8 %5 = bitcast %struct.siginfo* %4 to i8* %6 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %9, i32 1, %struct.pid_namespace.39324* null) #69 %11 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %9, i64 0, i32 78 %13 = load %struct.cred.39299*, %struct.cred.39299** %12, align 16 %14 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %4, i64 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #69 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %5, i64 0, i32 54 %7 = load %struct.task_struct.39605*, %struct.task_struct.39605** %6, align 16 %8 = icmp eq i32 %3, 0 br i1 %8, label %9, label %11 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %7, i32 0, %struct.pid_namespace.39324* null) #69 br label %11 %12 = phi i32 [ %3, %2 ], [ %10, %9 ] %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i32 %12, i32 %4 %15 = icmp slt i32 %14, 0 br i1 %15, label %82, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %17 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #69 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %5, i64 0, i32 54 
%7 = load %struct.task_struct.39605*, %struct.task_struct.39605** %6, align 16 %8 = icmp eq i32 %3, 0 br i1 %8, label %9, label %11 %10 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %7, i32 0, %struct.pid_namespace.39324* null) #69 br label %11 %12 = phi i32 [ %3, %2 ], [ %10, %9 ] %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i32 %12, i32 %4 %15 = icmp slt i32 %14, 0 br i1 %15, label %82, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %17 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __ia32_sys_setpriority ------------- Path:  Function:__ia32_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setpriority(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load 
%struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp ugt i32 %4, 2 br i1 %10, label %148, label %11 %12 = icmp sgt i32 %6, -20 %13 = select i1 %12, i32 %6, i32 -20 %14 = icmp slt i32 %13, 19 %15 = select i1 %14, i32 %13, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %4, label %145 [ i32 0, label %16 i32 1, label %25 i32 2, label %83 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %20, label %18 %19 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __x64_sys_setpriority ------------- Path:  Function:__x64_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setpriority(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp ugt i32 %4, 2 br i1 %10, label %148, label %11 %12 = icmp sgt i32 %6, -20 %13 = select i1 %12, i32 %6, i32 -20 %14 = icmp slt i32 %13, 19 %15 = select i1 %14, i32 %13, i32 19 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %4, label %145 [ i32 0, label %16 i32 1, label %25 i32 2, label %83 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %20, label %18 %19 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __ia32_sys_getpriority ------------- Path:  Function:__ia32_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_getpriority(i64 %4, i64 %7) #69 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %5, i64 0, i32 78 %7 = load %struct.cred.39299*, %struct.cred.39299** %6, align 16 %8 = icmp ugt i32 %3, 2 br i1 %8, label %158, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %3, label %155 [ i32 0, label %10 i32 1, label %25 i32 2, label %86 ] %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 
__x64_sys_getpriority ------------- Path:  Function:__x64_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_getpriority(i64 %3, i64 %5) #69 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %5, i64 0, i32 78 %7 = load %struct.cred.39299*, %struct.cred.39299** %6, align 16 %8 = icmp ugt i32 %3, 2 br i1 %8, label %158, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %3, label %155 [ i32 0, label %10 i32 1, label %25 i32 2, label %86 ] %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %4) #69 ------------- Good: 11 Bad: 53 Ignored: 21 Check Use of Function:sockfs_xattr_get Check Use of Function:drm_gem_handle_create Check Use of Function:tty_vhangup_self Check Use of Function:nfs_weak_revalidate Check Use of Function:_atomic_dec_and_lock Use: =BAD PATH= Call Stack: 0 nfs4_put_open_state 1 __nfs4_close 2 nfs4_close_sync 3 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 4 %4 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %3, align 8 %5 = icmp eq %struct.nfs4_state.197134* 
%4, null br i1 %5, label %12, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 5 %9 = load i32, i32* %8, align 8 br i1 %7, label %11, label %10 tail call void bitcast (void (%struct.nfs4_state.198680*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.197134*, i32)*)(%struct.nfs4_state.197134* nonnull %4, i32 %9) #69 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.198680* %0, i32 %1, i32 6291648, i32 1) #69 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #69 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 
0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %99, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %100, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %101 = icmp eq i32 %64, 0 br i1 %101, label %102, label %122 tail call void @nfs4_put_open_state(%struct.nfs4_state.198680* %0) #70 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 4 %3 = load %struct.inode.733*, %struct.inode.733** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %5, i64 0, i32 5 %8 = 
tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %6, %struct.spinlock* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 md_release ------------- Path:  Function:md_release %3 = getelementptr inbounds %struct.gendisk.533496, %struct.gendisk.533496* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.mddev** %5 = load %struct.mddev*, %struct.mddev** %4, align 8 %6 = icmp eq %struct.mddev* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 62, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !8 %10 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 61 %11 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %10, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.533489, %struct.block_device.533489* %0, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #69 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -968 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi 
%struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %150, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.533496*, %struct.gendisk.533496** %32, align 8 %34 = getelementptr inbounds %struct.block_device.533489, %struct.block_device.533489* %0, i64 0, i32 16 %35 = load %struct.gendisk.533496*, %struct.gendisk.533496** %34, align 8 %36 = icmp eq %struct.gendisk.533496* %33, %35 br i1 %36, label %87, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 md_attr_show ------------- Path:  Function:md_attr_show %4 = getelementptr %struct.kobject.533610, %struct.kobject.533610* %0, i64 -2, i32 5 %5 = bitcast %struct.kernfs_node.533609** %4 to %struct.mddev* %6 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1 %7 = bitcast %struct.attribute* %6 to i64 (%struct.mddev*, i8*)** %8 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %9 = icmp eq i64 (%struct.mddev*, i8*)* %8, null br i1 %9, label %72, label %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #69 %11 = getelementptr inbounds %struct.kernfs_node.533609*, %struct.kernfs_node.533609** %4, i64 123 %12 = bitcast %struct.kernfs_node.533609** %11 to %struct.list_head* %13 = bitcast %struct.kernfs_node.533609** %11 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr 
i64 %14 to %struct.list_head* %16 = icmp eq %struct.list_head* %15, %12 br i1 %16, label %17, label %18 %19 = getelementptr inbounds %struct.kernfs_node.533609*, %struct.kernfs_node.533609** %4, i64 65 %20 = bitcast %struct.kernfs_node.533609** %19 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %21 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %22 = tail call i64 %21(%struct.mddev* %5, i8* %2) #69 %23 = bitcast %struct.kernfs_node.533609** %19 to %struct.kuid_t* %24 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %23, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 nfs_closedir ------------- Path:  Function:nfs_closedir %3 = getelementptr inbounds %struct.file.725, %struct.file.725* %1, i64 0, i32 2 %4 = load %struct.inode.733*, %struct.inode.733** %3, align 8 %5 = getelementptr inbounds %struct.file.725, %struct.file.725* %1, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_dir_context** %7 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %6, align 8 %8 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %4, i64 0, i32 18 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #69 %10 = getelementptr inbounds %struct.nfs_open_dir_context, %struct.nfs_open_dir_context* %7, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs_open_dir_context, 
%struct.nfs_open_dir_context* %7, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %17, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %18 = getelementptr inbounds %struct.nfs_open_dir_context, %struct.nfs_open_dir_context* %7, i64 0, i32 1 %19 = load %struct.rpc_cred*, %struct.rpc_cred** %18, align 8 tail call void @put_rpccred(%struct.rpc_cred* %19) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_unlink_rpc_prepare ------------- Path:  Function:nfs4_proc_unlink_rpc_prepare %3 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %1, i64 0, i32 2 %4 = load %struct.dentry.734*, %struct.dentry.734** %3, align 8 %5 = 
getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %4, i64 0, i32 9 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.197100** %9 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %9, i64 0, i32 0 %11 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %10, align 8 %12 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_unlinkdata.197121, %struct.nfs_unlinkdata.197121* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.197162* %11, %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_res.197119* %13, %struct.rpc_task* %0) #69 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 34 %6 = load %struct.nfs4_session.197114*, %struct.nfs4_session.197114** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.197119, %struct.nfs4_sequence_res.197119* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %10, label %78 %11 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 31 %12 = load %struct.nfs4_slot_table.197115*, %struct.nfs4_slot_table.197115** %11, align 8 %13 = icmp eq %struct.nfs4_session.197114* %6, null br i1 %13, label %17, label %14 %18 = phi %struct.nfs4_slot_table.197115* [ %15, %14 ], [ %12, %10 ] %19 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 3 %20 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %21 = 
getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 15 %22 = getelementptr inbounds %struct.nfs4_sequence_args.197117, %struct.nfs4_sequence_args.197117* %1, i64 0, i32 1 %23 = bitcast %struct.spinlock* %19 to i8* br label %24 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #69 %25 = load volatile i64, i64* %21, align 8 %26 = and i64 %25, 1 %27 = icmp eq i64 %26, 0 br i1 %27, label %32, label %28 %29 = load i8, i8* %22, align 8 %30 = and i8 %29, 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %83, label %32 %84 = load i8, i8* %22, align 8 %85 = and i8 %84, 2 %86 = icmp eq i8 %85, 0 %87 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 4 br i1 %86, label %89, label %88 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %87, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #69 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load volatile i64, i64* %4, align 8 %11 = and i64 %10, 4 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %15 %14 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %14, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #69 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 15 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = 
icmp eq i8 %6, 0 br i1 %7, label %44, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #69 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 14 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %25 = load %struct.rpc_call_ops*, %struct.rpc_call_ops** %24, align 8 %26 = getelementptr inbounds %struct.rpc_call_ops, %struct.rpc_call_ops* %25, i64 0, i32 2 %27 = load void (%struct.rpc_task*, i8*)*, void (%struct.rpc_task*, i8*)** %26, align 8 %28 = icmp eq void (%struct.rpc_task*, i8*)* %27, null br i1 %28, label %32, label %29 %33 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 12 %34 = load %struct.rpc_clnt*, %struct.rpc_clnt** %33, align 8 %35 = icmp eq %struct.rpc_clnt* %34, null br i1 %35, label %39, label %36 %40 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 34 %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %41) #69 %42 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 11 %43 = bitcast %struct.list_head* %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %75, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %76 = bitcast %struct.spinlock* %40 to i8* store volatile i8 0, i8* %76, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %77 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 32, i32 0, 
i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %77) #69 %78 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 1 %79 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %80 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %79, i64 0, i32 2 %81 = load void (%struct.rpc_xprt*, %struct.rpc_task*)*, void (%struct.rpc_xprt*, %struct.rpc_task*)** %80, align 8 tail call void %81(%struct.rpc_xprt* %23, %struct.rpc_task* %0) #69 %82 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %83 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %82, i64 0, i32 13 %84 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %83, align 8 %85 = icmp eq void (%struct.rpc_task*)* %84, null br i1 %85, label %87, label %86 %88 = load volatile i64, i64* @jiffies, align 64 %89 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 28 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 38 %91 = bitcast %struct.list_head* %90 to i64* %92 = load volatile i64, i64* %91, align 8 %93 = inttoptr i64 %92 to %struct.list_head* %94 = icmp eq %struct.list_head* %90, %93 br i1 %94, label %95, label %103 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %77) #69 %104 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 12 %105 = load i8*, i8** %104, align 8 %106 = icmp eq i8* %105, null br i1 %106, label %111, label %107 %112 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 4 %113 = load %struct.rpc_cred*, %struct.rpc_cred** %112, align 8 %114 = icmp eq %struct.rpc_cred* %113, null br i1 %114, label %116, label %115 tail call void @put_rpccred(%struct.rpc_cred* nonnull %113) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = 
load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_rename_rpc_prepare ------------- Path:  Function:nfs4_proc_rename_rpc_prepare %3 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %1, i64 0, i32 3 %4 = load %struct.inode.733*, %struct.inode.733** %3, align 8 %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %4, i64 0, i32 8 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.197100** %9 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %9, i64 0, i32 0 %11 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %10, align 8 %12 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_renamedata.197124, %struct.nfs_renamedata.197124* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.197162* %11, %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_res.197119* %13, %struct.rpc_task* %0) #69 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 34 %6 = load %struct.nfs4_session.197114*, %struct.nfs4_session.197114** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.197119, %struct.nfs4_sequence_res.197119* %2, i64 0, i32 0 %8 = load 
%struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %10, label %78 %11 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 31 %12 = load %struct.nfs4_slot_table.197115*, %struct.nfs4_slot_table.197115** %11, align 8 %13 = icmp eq %struct.nfs4_session.197114* %6, null br i1 %13, label %17, label %14 %18 = phi %struct.nfs4_slot_table.197115* [ %15, %14 ], [ %12, %10 ] %19 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 3 %20 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %21 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 15 %22 = getelementptr inbounds %struct.nfs4_sequence_args.197117, %struct.nfs4_sequence_args.197117* %1, i64 0, i32 1 %23 = bitcast %struct.spinlock* %19 to i8* br label %24 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #69 %25 = load volatile i64, i64* %21, align 8 %26 = and i64 %25, 1 %27 = icmp eq i64 %26, 0 br i1 %27, label %32, label %28 %29 = load i8, i8* %22, align 8 %30 = and i8 %29, 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %83, label %32 %84 = load i8, i8* %22, align 8 %85 = and i8 %84, 2 %86 = icmp eq i8 %85, 0 %87 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 4 br i1 %86, label %89, label %88 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %87, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #69 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load volatile i64, i64* %4, align 8 %11 = and i64 %10, 4 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %15 %14 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %14, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #69 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 15 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %44, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #69 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 14 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %25 = load %struct.rpc_call_ops*, %struct.rpc_call_ops** %24, align 8 %26 = getelementptr inbounds %struct.rpc_call_ops, %struct.rpc_call_ops* %25, i64 0, i32 2 %27 = load void (%struct.rpc_task*, i8*)*, void (%struct.rpc_task*, i8*)** %26, align 8 %28 = icmp eq void (%struct.rpc_task*, i8*)* %27, null br i1 %28, label %32, label %29 %33 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 12 %34 = load %struct.rpc_clnt*, %struct.rpc_clnt** %33, align 8 %35 = icmp eq %struct.rpc_clnt* %34, null br i1 %35, label %39, label %36 %40 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 34 %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 
tail call void @_raw_spin_lock(%struct.raw_spinlock* %41) #69 %42 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 11 %43 = bitcast %struct.list_head* %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %75, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %76 = bitcast %struct.spinlock* %40 to i8* store volatile i8 0, i8* %76, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %77 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 32, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %77) #69 %78 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 1 %79 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %80 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %79, i64 0, i32 2 %81 = load void (%struct.rpc_xprt*, %struct.rpc_task*)*, void (%struct.rpc_xprt*, %struct.rpc_task*)** %80, align 8 tail call void %81(%struct.rpc_xprt* %23, %struct.rpc_task* %0) #69 %82 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %83 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %82, i64 0, i32 13 %84 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %83, align 8 %85 = icmp eq void (%struct.rpc_task*)* %84, null br i1 %85, label %87, label %86 %88 = load volatile i64, i64* @jiffies, align 64 %89 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 28 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 38 %91 = bitcast %struct.list_head* %90 to i64* %92 = load volatile i64, i64* %91, align 8 %93 = inttoptr i64 %92 to %struct.list_head* %94 = icmp eq %struct.list_head* %90, %93 br i1 %94, label %95, label %103 tail call 
void @_raw_spin_unlock_bh(%struct.raw_spinlock* %77) #69 %104 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 12 %105 = load i8*, i8** %104, align 8 %106 = icmp eq i8* %105, null br i1 %106, label %111, label %107 %112 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 4 %113 = load %struct.rpc_cred*, %struct.rpc_cred** %112, align 8 %114 = icmp eq %struct.rpc_cred* %113, null br i1 %114, label %116, label %115 tail call void @put_rpccred(%struct.rpc_cred* nonnull %113) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_pgio_rpc_prepare ------------- Path:  Function:nfs4_proc_pgio_rpc_prepare %3 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 0 %4 = load %struct.inode.733*, %struct.inode.733** %3, align 8 %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %4, i64 0, i32 8 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.197100** %9 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %9, i64 0, i32 0 %11 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %10, align 8 %12 = getelementptr inbounds 
%struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 0 %13 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.197162* %11, %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_res.197119* %13, %struct.rpc_task* %0) #69 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 34 %6 = load %struct.nfs4_session.197114*, %struct.nfs4_session.197114** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.197119, %struct.nfs4_sequence_res.197119* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %10, label %78 %11 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 31 %12 = load %struct.nfs4_slot_table.197115*, %struct.nfs4_slot_table.197115** %11, align 8 %13 = icmp eq %struct.nfs4_session.197114* %6, null br i1 %13, label %17, label %14 %18 = phi %struct.nfs4_slot_table.197115* [ %15, %14 ], [ %12, %10 ] %19 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 3 %20 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %21 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 15 %22 = getelementptr inbounds %struct.nfs4_sequence_args.197117, %struct.nfs4_sequence_args.197117* %1, i64 0, i32 1 %23 = bitcast %struct.spinlock* %19 to i8* br label %24 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #69 %25 = load volatile i64, i64* %21, align 8 %26 = and i64 %25, 1 %27 = icmp eq i64 %26, 0 br i1 %27, label %32, label %28 %29 = load i8, i8* %22, align 8 %30 = and i8 %29, 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %83, label %32 %84 = load i8, 
i8* %22, align 8 %85 = and i8 %84, 2 %86 = icmp eq i8 %85, 0 %87 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 4 br i1 %86, label %89, label %88 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %87, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #69 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load volatile i64, i64* %4, align 8 %11 = and i64 %10, 4 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %15 %14 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %14, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #69 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 15 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %44, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #69 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 14 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %25 = load 
%struct.rpc_call_ops*, %struct.rpc_call_ops** %24, align 8 %26 = getelementptr inbounds %struct.rpc_call_ops, %struct.rpc_call_ops* %25, i64 0, i32 2 %27 = load void (%struct.rpc_task*, i8*)*, void (%struct.rpc_task*, i8*)** %26, align 8 %28 = icmp eq void (%struct.rpc_task*, i8*)* %27, null br i1 %28, label %32, label %29 %33 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 12 %34 = load %struct.rpc_clnt*, %struct.rpc_clnt** %33, align 8 %35 = icmp eq %struct.rpc_clnt* %34, null br i1 %35, label %39, label %36 %40 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 34 %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %41) #69 %42 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 11 %43 = bitcast %struct.list_head* %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %75, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %76 = bitcast %struct.spinlock* %40 to i8* store volatile i8 0, i8* %76, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %77 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 32, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %77) #69 %78 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 1 %79 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %80 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %79, i64 0, i32 2 %81 = load void (%struct.rpc_xprt*, %struct.rpc_task*)*, void (%struct.rpc_xprt*, %struct.rpc_task*)** %80, align 8 tail call void %81(%struct.rpc_xprt* %23, %struct.rpc_task* %0) #69 %82 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %83 = 
getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %82, i64 0, i32 13 %84 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %83, align 8 %85 = icmp eq void (%struct.rpc_task*)* %84, null br i1 %85, label %87, label %86 %88 = load volatile i64, i64* @jiffies, align 64 %89 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 28 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 38 %91 = bitcast %struct.list_head* %90 to i64* %92 = load volatile i64, i64* %91, align 8 %93 = inttoptr i64 %92 to %struct.list_head* %94 = icmp eq %struct.list_head* %90, %93 br i1 %94, label %95, label %103 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %77) #69 %104 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 12 %105 = load i8*, i8** %104, align 8 %106 = icmp eq i8* %105, null br i1 %106, label %111, label %107 %112 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 4 %113 = load %struct.rpc_cred*, %struct.rpc_cred** %112, align 8 %114 = icmp eq %struct.rpc_cred* %113, null br i1 %114, label %116, label %115 tail call void @put_rpccred(%struct.rpc_cred* nonnull %113) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_commit_rpc_prepare ------------- Path:  Function:nfs4_proc_commit_rpc_prepare %3 = getelementptr inbounds 
%struct.nfs_commit_data.197154, %struct.nfs_commit_data.197154* %1, i64 0, i32 1 %4 = load %struct.inode.733*, %struct.inode.733** %3, align 8 %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %4, i64 0, i32 8 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.197100** %9 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %9, i64 0, i32 0 %11 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %10, align 8 %12 = getelementptr inbounds %struct.nfs_commit_data.197154, %struct.nfs_commit_data.197154* %1, i64 0, i32 8, i32 0 %13 = getelementptr inbounds %struct.nfs_commit_data.197154, %struct.nfs_commit_data.197154* %1, i64 0, i32 9, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.197162* %11, %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_res.197119* %13, %struct.rpc_task* %0) #69 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 34 %6 = load %struct.nfs4_session.197114*, %struct.nfs4_session.197114** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.197119, %struct.nfs4_sequence_res.197119* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %7, align 8 %9 = icmp eq %struct.nfs4_slot.197116* %8, null br i1 %9, label %10, label %78 %11 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %0, i64 0, i32 31 %12 = load %struct.nfs4_slot_table.197115*, %struct.nfs4_slot_table.197115** %11, align 8 %13 = icmp eq %struct.nfs4_session.197114* %6, null br i1 %13, label %17, label %14 %18 = phi %struct.nfs4_slot_table.197115* [ %15, %14 ], [ %12, %10 ] %19 = getelementptr inbounds 
%struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 3 %20 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %21 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 15 %22 = getelementptr inbounds %struct.nfs4_sequence_args.197117, %struct.nfs4_sequence_args.197117* %1, i64 0, i32 1 %23 = bitcast %struct.spinlock* %19 to i8* br label %24 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #69 %25 = load volatile i64, i64* %21, align 8 %26 = and i64 %25, 1 %27 = icmp eq i64 %26, 0 br i1 %27, label %32, label %28 %29 = load i8, i8* %22, align 8 %30 = and i8 %29, 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %83, label %32 %84 = load i8, i8* %22, align 8 %85 = and i8 %84, 2 %86 = icmp eq i8 %85, 0 %87 = getelementptr inbounds %struct.nfs4_slot_table.197115, %struct.nfs4_slot_table.197115* %18, i64 0, i32 4 br i1 %86, label %89, label %88 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %87, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #69 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load volatile i64, i64* %4, align 8 %11 = and i64 %10, 4 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %15 %14 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %14, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #69 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 15 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %44, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #69 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 14 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %25 = load %struct.rpc_call_ops*, %struct.rpc_call_ops** %24, align 8 %26 = getelementptr inbounds %struct.rpc_call_ops, %struct.rpc_call_ops* %25, i64 0, i32 2 %27 = load void (%struct.rpc_task*, i8*)*, void (%struct.rpc_task*, i8*)** %26, align 8 %28 = icmp eq void (%struct.rpc_task*, i8*)* %27, null br i1 %28, label %32, label %29 %33 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 12 %34 = load %struct.rpc_clnt*, %struct.rpc_clnt** %33, align 8 %35 = icmp eq %struct.rpc_clnt* %34, null br i1 %35, label %39, label %36 %40 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 34 %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %41) #69 %42 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 11 %43 = bitcast %struct.list_head* %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %75, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %76 = bitcast %struct.spinlock* %40 to i8* store volatile i8 0, i8* %76, 
align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %77 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 32, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %77) #69 %78 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 1 %79 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %80 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %79, i64 0, i32 2 %81 = load void (%struct.rpc_xprt*, %struct.rpc_task*)*, void (%struct.rpc_xprt*, %struct.rpc_task*)** %80, align 8 tail call void %81(%struct.rpc_xprt* %23, %struct.rpc_task* %0) #69 %82 = load %struct.rpc_xprt_ops*, %struct.rpc_xprt_ops** %78, align 8 %83 = getelementptr inbounds %struct.rpc_xprt_ops, %struct.rpc_xprt_ops* %82, i64 0, i32 13 %84 = load void (%struct.rpc_task*)*, void (%struct.rpc_task*)** %83, align 8 %85 = icmp eq void (%struct.rpc_task*)* %84, null br i1 %85, label %87, label %86 %88 = load volatile i64, i64* @jiffies, align 64 %89 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 28 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %23, i64 0, i32 38 %91 = bitcast %struct.list_head* %90 to i64* %92 = load volatile i64, i64* %91, align 8 %93 = inttoptr i64 %92 to %struct.list_head* %94 = icmp eq %struct.list_head* %90, %93 br i1 %94, label %95, label %103 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %77) #69 %104 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 12 %105 = load i8*, i8** %104, align 8 %106 = icmp eq i8* %105, null br i1 %106, label %111, label %107 %112 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 4 %113 = load %struct.rpc_cred*, %struct.rpc_cred** %112, align 8 %114 = icmp eq %struct.rpc_cred* %113, null br i1 %114, label %116, label %115 tail call void @put_rpccred(%struct.rpc_cred* 
nonnull %113) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 __put_nfs_open_context 2 nfs_file_clear_open_context 3 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.179116, %struct.inode.179116* %0, i64 0, i32 8 %4 = load %struct.super_block.179104*, %struct.super_block.179104** %3, align 8 %5 = getelementptr inbounds %struct.super_block.179104, %struct.super_block.179104* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.nfs_server.179258** %7 = load %struct.nfs_server.179258*, %struct.nfs_server.179258** %6, align 64 %8 = getelementptr inbounds %struct.nfs_server.179258, %struct.nfs_server.179258* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.180542*)* @nfs_file_clear_open_context to void (%struct.file.179124*)*)(%struct.file.179124* %1) #69 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.180542, %struct.file.180542* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.180736** %4 = load %struct.nfs_open_context.180736*, %struct.nfs_open_context.180736** %3, align 8 %5 = icmp eq %struct.nfs_open_context.180736* %4, null br i1 %5, label %40, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.180736, 
%struct.nfs_open_context.180736* %4, i64 0, i32 2 %8 = load %struct.dentry.180623*, %struct.dentry.180623** %7, align 8 %9 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %8, i64 0, i32 5 %10 = load %struct.inode.180634*, %struct.inode.180634** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %4, i64 0, i32 6 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i8 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %4, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %10, i64 0, i32 9 %18 = load %struct.address_space.180635*, %struct.address_space.180635** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.104208*)* @invalidate_inode_pages2 to i32 (%struct.address_space.180635*)*)(%struct.address_space.180635* %18) #69 br label %20 store i8* null, i8** %2, align 8 %21 = getelementptr inbounds %struct.inode.180634, %struct.inode.180634* %10, i64 0, i32 18 %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %21, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %22) #69 %23 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %4, i64 0, i32 8 %24 = getelementptr %struct.inode.180634, %struct.inode.180634* %10, i64 -1, i32 16 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %24, i64 18 %26 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %4, i64 0, i32 8, i32 1 %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %23, i64 0, i32 0 %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %24, i64 18, i32 1 %34 = bitcast i64* %33 to %struct.list_head** %35 = load %struct.list_head*, %struct.list_head** %34, align 8 store %struct.list_head* %23, %struct.list_head** %34, align 8 %36 = bitcast %struct.list_head* %23 to %struct.anon.48** store %struct.anon.48* %25, %struct.anon.48** %36, align 8 store %struct.list_head* %35, %struct.list_head** %26, align 8 %37 = ptrtoint %struct.list_head* %23 to i64 %38 = bitcast %struct.list_head* %35 to i64* store volatile i64 %37, i64* %38, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = bitcast %struct.spinlock* %21 to i8* store volatile i8 0, i8* %39, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.180736* nonnull %4, i32 1) #69 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %0, i64 0, i32 2 %4 = load %struct.dentry.180623*, %struct.dentry.180623** %3, align 8 %5 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %4, i64 0, i32 5 %6 = load %struct.inode.180634*, %struct.inode.180634** %5, align 8 %7 = getelementptr inbounds %struct.dentry.180623, %struct.dentry.180623* %4, i64 0, i32 9 %8 = load %struct.super_block.180619*, %struct.super_block.180619** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %0, i64 0, i32 8 %10 = bitcast %struct.list_head* 
%9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = inttoptr i64 %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %9, %12 br i1 %13, label %27, label %14 %28 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %29 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32* %28) #6, !srcloc !6 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %57, label %32 %33 = icmp eq %struct.inode.180634* %6, null br i1 %33, label %46, label %34 %47 = getelementptr inbounds %struct.nfs_open_context.180736, %struct.nfs_open_context.180736* %0, i64 0, i32 3 %48 = load %struct.rpc_cred.180666*, %struct.rpc_cred.180666** %47, align 8 %49 = icmp eq %struct.rpc_cred.180666* %48, null br i1 %49, label %51, label %50 tail call void bitcast (void (%struct.rpc_cred*)* @put_rpccred to void (%struct.rpc_cred.180666*)*)(%struct.rpc_cred.180666* nonnull %48) #69 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %85, label %3 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 %8 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 br i1 %7, label %9, label %19 %20 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %8, %struct.spinlock* nonnull @rpc_credcache_lock) #69 ------------- Good: 219 Bad: 10 
Ignored: 237 Check Use of Function:lock_mount Check Use of Function:dev_set_group Check Use of Function:locks_mandatory_locked Check Use of Function:mmc_ioctl_dvd_auth Check Use of Function:tcp_release_cb Check Use of Function:ip_tunnel_bind_dev Check Use of Function:security_task_setscheduler Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i32* %13 = bitcast [1 x %struct.cpumask]* %2 to i8* %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %20 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 %18 = shl i64 %6, 3 %19 = and i64 %18, 4294967288 br label %20 %21 = phi i64 [ %19, %16 ], [ 64, %1 ] %22 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %23 = call i64 @compat_get_bitmap(i64* nonnull %22, i32* %12, i64 %21) #69 %24 = trunc i64 %23 to i32 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %28 %27 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %12 %13 = phi %struct.task_struct.50485* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.50485* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32* %17) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 67108864 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %92 %23 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 78 %25 = load %struct.cred.50206*, %struct.cred.50206** %24, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 77 %27 = bitcast %struct.cred.50206** %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = inttoptr i64 %28 to %struct.cred.50206* %30 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %25, i64 0, i32 5, i32 0 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %29, i64 0, i32 5, i32 0 %33 = load i32, i32* %32, 
align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %35, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %46 %47 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_setscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* 
bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %12 %13 = phi %struct.task_struct.50485* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.50485* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32* %17) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 67108864 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %92 %23 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 78 %25 = load %struct.cred.50206*, %struct.cred.50206** %24, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 77 %27 = bitcast %struct.cred.50206** %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = inttoptr i64 %28 to %struct.cred.50206* %30 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %25, i64 0, i32 5, i32 0 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %29, i64 0, i32 5, i32 0 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %35, label %36 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %46 %47 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_setscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %12 %13 = phi 
%struct.task_struct.50485* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.50485* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32* %17) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 67108864 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %92 %23 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 78 %25 = load %struct.cred.50206*, %struct.cred.50206** %24, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %13, i64 0, i32 77 %27 = bitcast %struct.cred.50206** %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = inttoptr i64 %28 to %struct.cred.50206* %30 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %25, i64 0, i32 5, i32 0 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.cred.50206, %struct.cred.50206* %29, i64 0, i32 5, i32 0 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %35, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %46 %47 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* 
@security_task_setscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %13) #69 ------------- Good: 3 Bad: 3 Ignored: 0 Check Use of Function:lock_two_nondirectories Check Use of Function:sr_audio_ioctl Check Use of Function:serial8250_request_port Check Use of Function:bad_inode_lookup Check Use of Function:pci_user_read_config_byte Check Use of Function:nfs4_xattr_get_nfs4_acl Check Use of Function:mmc_ioctl_cdrom_next_writable Check Use of Function:vfs_open Check Use of Function:__ext4_msg Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca 
%struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %226 = bitcast %struct.efi_memory_desc_t* %15 to i8* %227 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 8 %228 = load i32, i32* %227, align 4 %229 = and i32 %228, 3 %230 = icmp eq i32 %229, 3 br i1 %230, label %231, label %280 %232 = inttoptr i64 %2 to i8* %233 = call i64 @_copy_from_user(i8* nonnull %226, i8* %232, i64 40) #70 %234 = icmp eq i64 %233, 0 br i1 %234, label %235, label %280 %236 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %15, i64 0, i32 5 store i64 0, i64* %236, align 8 %237 = getelementptr inbounds 
%struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %15, i64 0, i32 1 %238 = load i32, i32* %237, align 4 %239 = call i64 @__fdget(i32 %238) #70 %240 = and i64 %239, -4 %241 = inttoptr i64 %240 to %struct.file.163071* %242 = icmp eq i64 %240, 0 br i1 %242, label %280, label %243 %244 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %241, i64 0, i32 8 %245 = load i32, i32* %244, align 4 %246 = and i32 %245, 2 %247 = icmp eq i32 %246, 0 br i1 %247, label %273, label %248 %249 = getelementptr inbounds %struct.super_block.163044, %struct.super_block.163044* %24, i64 0, i32 30 %250 = bitcast i8** %249 to %struct.ext4_sb_info.163118** %251 = load %struct.ext4_sb_info.163118*, %struct.ext4_sb_info.163118** %250, align 64 %252 = getelementptr inbounds %struct.ext4_sb_info.163118, %struct.ext4_sb_info.163118* %251, i64 0, i32 15 %253 = load %struct.ext4_super_block*, %struct.ext4_super_block** %252, align 8 %254 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %253, i64 0, i32 30 %255 = load i32, i32* %254, align 4 %256 = and i32 %255, 512 %257 = icmp eq i32 %256, 0 br i1 %257, label %259, label %258 call void (%struct.super_block.163044*, i8*, i8*, ...) 
bitcast (void (%struct.super_block.166754*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.163044*, i8*, i8*, ...)*)(%struct.super_block.163044* %24, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.16920, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.3.16922, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label 
%725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %226 = bitcast %struct.efi_memory_desc_t* %15 to i8* %227 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 8 %228 = load i32, i32* %227, align 4 %229 = and i32 %228, 3 %230 = icmp eq i32 %229, 3 br i1 %230, label %231, label %280 %232 = inttoptr i64 %2 to i8* %233 = call i64 @_copy_from_user(i8* nonnull %226, i8* %232, i64 40) #70 %234 = icmp eq i64 %233, 0 br i1 %234, label %235, label %280 %236 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %15, i64 0, i32 5 store i64 0, i64* %236, align 8 %237 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %15, i64 0, i32 1 %238 = load i32, i32* %237, align 4 %239 = call i64 @__fdget(i32 %238) #70 %240 = and i64 %239, -4 %241 = inttoptr i64 %240 to %struct.file.163071* %242 = icmp eq i64 %240, 0 br i1 %242, label %280, label %243 %244 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %241, i64 0, i32 8 %245 = load i32, i32* %244, align 4 %246 = and i32 %245, 2 %247 = icmp eq i32 %246, 0 br i1 %247, label %273, label %248 %249 = getelementptr inbounds %struct.super_block.163044, %struct.super_block.163044* %24, i64 0, i32 30 %250 = bitcast i8** %249 to %struct.ext4_sb_info.163118** %251 = load %struct.ext4_sb_info.163118*, %struct.ext4_sb_info.163118** %250, align 64 %252 = getelementptr inbounds %struct.ext4_sb_info.163118, %struct.ext4_sb_info.163118* %251, i64 0, i32 15 %253 = load %struct.ext4_super_block*, %struct.ext4_super_block** %252, align 8 %254 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %253, i64 0, i32 30 %255 = load i32, i32* %254, align 4 %256 = and i32 %255, 512 %257 = icmp eq i32 %256, 0 br i1 %257, label %259, label %258 call void (%struct.super_block.163044*, i8*, i8*, 
...) bitcast (void (%struct.super_block.166754*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.163044*, i8*, i8*, ...)*)(%struct.super_block.163044* %24, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.16920, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.3.16922, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_commit_super 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl 5 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca 
%struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to 
%struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast 
%struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds 
([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load 
%struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, %struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, 
%struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 %126 = icmp eq i32 %1, 0 br i1 %126, label %134, label %127 %128 = tail call i32 @_cond_resched() #69 %129 = getelementptr inbounds %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %130 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %129, i64 2, i64* %129) #6, !srcloc !4 %131 = and i8 %130, 1 %132 = icmp eq i8 %131, 0 br i1 %132, label %134, label %133 tail call void bitcast (void (%struct.buffer_head.133279*)* @__lock_buffer to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 br label %134 %135 = getelementptr %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %136 = load volatile i64, i64* %135, align 8 %137 = and i64 %136, 2048 %138 = icmp eq i64 %137, 0 br i1 %138, label 
%139, label %143 %140 = load volatile i64, i64* %135, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = and i64 %140, 1 %142 = icmp eq i64 %141, 0 br i1 %142, label %143, label %150 tail call void (%struct.super_block.166754*, i8*, i8*, ...) @__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33.17393, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.419, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_commit_super 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, 
label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** 
%2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = 
bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x 
i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load 
%struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, %struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, 
%struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 %126 = icmp eq i32 %1, 0 br i1 %126, label %134, label %127 %128 = tail call i32 @_cond_resched() #69 %129 = getelementptr inbounds %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %130 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %129, i64 2, i64* %129) #6, !srcloc !4 %131 = and i8 %130, 1 %132 = icmp eq i8 %131, 0 br i1 %132, label %134, label %133 tail call void bitcast (void (%struct.buffer_head.133279*)* @__lock_buffer to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 br label %134 %135 = getelementptr %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %136 = load volatile i64, i64* %135, align 8 %137 = and i64 %136, 2048 %138 = icmp eq i64 %137, 0 br i1 %138, label 
%139, label %143 %140 = load volatile i64, i64* %135, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = and i64 %140, 1 %142 = icmp eq i64 %141, 0 br i1 %142, label %143, label %150 tail call void (%struct.super_block.166754*, i8*, i8*, ...) @__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33.17393, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.419, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl 5 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 
%13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = 
getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label 
%220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], 
[ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 
call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, 
i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds 
%struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 %30 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %31 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 17 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 tail call void (%struct.super_block.166754*, i8*, i8*, ...) 
@__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.16.17416, i64 0, i64 0), i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.17.17417, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 
-2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 
Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, 
%struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 
], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds 
%struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** 
%10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 
2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 %30 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %31 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 17 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 tail call void (%struct.super_block.166754*, i8*, i8*, ...) @__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.16.17416, i64 0, i64 0), i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.17.17417, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 2 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 8 %8 = load %struct.super_block.100615*, %struct.super_block.100615** %7, align 8 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %6, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 2048 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %827 %16 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 30 %17 = bitcast i8** %16 to %struct.ext4_sb_info.158692** %18 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %17, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %18, i64 0, i32 15 %20 = load %struct.ext4_super_block*, %struct.ext4_super_block** %19, align 8 %21 = 
getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %20, i64 0, i32 28 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 32 %24 = icmp eq i32 %23, 0 br i1 %24, label %530, label %25 %26 = load volatile i64, i64* %11, align 8 %27 = and i64 %26, 4096 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %46 %30 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 14 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 2 %33 = load i8, i8* %32, align 4 %34 = zext i8 %33 to i64 %35 = ashr i64 %31, %34 %36 = icmp eq i64 %35, 1 br i1 %36, label %46, label %37 %38 = load volatile i64, i64* %11, align 8 %39 = and i64 %38, 268435456 %40 = icmp eq i64 %39, 0 br i1 %40, label %530, label %41 %42 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %43 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %42, i64 0, i32 28 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, 0 br i1 %45, label %530, label %46 %47 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 16 %48 = bitcast i8** %47 to %struct.dir_private_info** %49 = load %struct.dir_private_info*, %struct.dir_private_info** %48, align 8 %50 = icmp eq %struct.dir_private_info* %49, null br i1 %50, label %54, label %51 %55 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %56 = load i64, i64* %55, align 8 %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 6), align 16 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 6324416, i64 48) #69 %59 = icmp eq i8* %58, null br i1 %59, label %827, label %60 %61 = bitcast i8* %58 to %struct.dir_private_info* %62 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, 
i32 8 %63 = load i32, i32* %62, align 4 %64 = and i32 %63, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %86 %67 = and i32 %63, 1024 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %91 %70 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %71 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %70, i64 0, i32 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 2 %74 = icmp eq i32 %73, 0 %75 = trunc i64 %56 to i32 %76 = shl i32 %75, 1 %77 = lshr i64 %56, 31 %78 = trunc i64 %77 to i32 %79 = and i32 %78, -2 %80 = select i1 %74, i32 %79, i32 %76 %81 = getelementptr inbounds i8, i8* %58, i64 32 %82 = bitcast i8* %81 to i32* store i32 %80, i32* %82, align 8 %83 = load i32, i32* %71, align 8 %84 = and i32 %83, 2 %85 = icmp eq i32 %84, 0 br i1 %85, label %97, label %99 %98 = trunc i64 %56 to i32 br label %99 %100 = phi i32 [ %98, %97 ], [ 0, %69 ], [ 0, %86 ] %101 = getelementptr inbounds i8, i8* %58, i64 36 %102 = bitcast i8* %101 to i32* store i32 %100, i32* %102, align 4 store i8* %58, i8** %47, align 8 br label %103 %104 = phi %struct.dir_private_info* [ %49, %51 ], [ %61, %99 ] %105 = phi i32 [ %53, %51 ], [ %63, %99 ] %106 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 8 %109 = and i32 %105, 512 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 %112 = and i32 %105, 1024 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %120 %115 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, 
!srcloc !4 %116 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %115, i64 0, i32 0, i32 1 %117 = load i32, i32* %116, align 8 %118 = and i32 %117, 2 %119 = icmp eq i32 %118, 0 br i1 %119, label %120, label %121 br label %121 %122 = phi i64 [ 9223372036854775807, %120 ], [ 2147483647, %114 ], [ 2147483647, %103 ] %123 = icmp eq i64 %107, %122 br i1 %123, label %827, label %124 %125 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 3 %126 = load i64, i64* %125, align 8 %127 = icmp eq i64 %126, %107 br i1 %127, label %197, label %128 %198 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 2 %199 = load %struct.fname*, %struct.fname** %198, align 8 %200 = icmp eq %struct.fname* %199, null br i1 %200, label %271, label %201 %202 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %203 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %202, i64 0, i32 8 %204 = load %struct.super_block.100615*, %struct.super_block.100615** %203, align 8 %205 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 0 %206 = load i32, i32* %205, align 8 %207 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 1 %208 = load i32, i32* %207, align 4 br i1 %110, label %209, label %218 %210 = and i32 %105, 1024 %211 = icmp eq i32 %210, 0 br i1 %211, label %212, label %221 %213 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %214 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %213, i64 0, i32 0, i32 1 %215 = load i32, i32* %214, align 8 %216 = and i32 %215, 2 %217 = icmp eq i32 %216, 0 br i1 %217, label %221, label %218 %222 = lshr i32 %206, 1 %223 = zext i32 %222 to i64 %224 = shl nuw nsw 
i64 %223, 32 %225 = zext i32 %208 to i64 %226 = or i64 %224, %225 br label %227 %228 = phi i64 [ %220, %218 ], [ %226, %221 ] store i64 %228, i64* %106, align 8 %229 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %204, i64 0, i32 30 %230 = bitcast i8** %229 to %struct.ext4_sb_info.158692** %231 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %232 %233 = phi %struct.fname* [ %199, %227 ], [ %265, %263 ] %234 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 7, i64 0 %235 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 5 %236 = load i8, i8* %235, align 4 %237 = zext i8 %236 to i32 %238 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 4 %239 = load i32, i32* %238, align 8 %240 = zext i32 %239 to i64 %241 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 6 %242 = load i8, i8* %241, align 1 %243 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %230, align 64 %244 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %243, i64 0, i32 15 %245 = load %struct.ext4_super_block*, %struct.ext4_super_block** %244, align 8 %246 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %245, i64 0, i32 29 %247 = load i32, i32* %246, align 8 %248 = and i32 %247, 2 %249 = icmp eq i32 %248, 0 %250 = icmp ugt i8 %242, 7 %251 = or i1 %250, %249 br i1 %251, label %256, label %252 %253 = zext i8 %242 to i64 %254 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %253 %255 = load i8, i8* %254, align 1 br label %256 %257 = phi i8 [ %255, %252 ], [ 0, %232 ] %258 = zext i8 %257 to i32 %259 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %231, align 8 %260 = load i64, i64* %106, align 8 %261 = tail call i32 %259(%struct.dir_context* %1, i8* %234, i32 %237, i64 %260, i64 %240, 
i32 %258) #69 %262 = icmp eq i32 %261, 0 br i1 %262, label %263, label %267 %264 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 3 %265 = load %struct.fname*, %struct.fname** %264, align 8 %266 = icmp eq %struct.fname* %265, null br i1 %266, label %270, label %232 store %struct.fname* null, %struct.fname** %198, align 8 br label %455 %456 = phi i32 [ 0, %270 ], [ %368, %383 ], [ %368, %448 ] %457 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %458 = load %struct.rb_node*, %struct.rb_node** %457, align 8 %459 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %458) #69 store %struct.rb_node* %459, %struct.rb_node** %457, align 8 %460 = icmp eq %struct.rb_node* %459, null %461 = bitcast %struct.rb_node* %459 to i8* br i1 %460, label %471, label %462 %472 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %473 = load i32, i32* %472, align 8 %474 = icmp eq i32 %473, -1 br i1 %474, label %475, label %491 %492 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 store i32 %473, i32* %492, align 8 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 store i32 0, i32* %493, align 4 br label %281 %282 = phi i8* [ %461, %462 ], [ %461, %491 ], [ %275, %271 ], [ %280, %276 ] %283 = phi %struct.rb_node* [ %459, %462 ], [ null, %491 ], [ %273, %271 ], [ %279, %276 ] %284 = phi i32 [ %456, %462 ], [ %456, %491 ], [ 0, %271 ], [ 0, %276 ] %285 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %286 = icmp eq %struct.rb_node* %283, null br i1 %286, label %294, label %287 %288 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 %289 = load i64, i64* %288, align 8 %290 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %291 = load volatile i64, i64* %290, 
align 8 %292 = lshr i64 %291, 1 %293 = icmp eq i64 %292, %289 br i1 %293, label %366, label %294 store %struct.rb_node* null, %struct.rb_node** %285, align 8 %295 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0 %296 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %295) #69 %297 = icmp eq %struct.rb_node* %296, null %298 = getelementptr %struct.rb_node, %struct.rb_node* %296, i64 -1, i32 2 %299 = icmp eq %struct.rb_node** %298, null %300 = or i1 %297, %299 br i1 %300, label %320, label %301 %302 = bitcast %struct.rb_node** %298 to %struct.fname* br label %305 %306 = phi %struct.fname* [ %312, %303 ], [ %302, %301 ] %307 = getelementptr inbounds %struct.fname, %struct.fname* %306, i64 0, i32 2 %308 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %307) #69 %309 = icmp eq %struct.rb_node* %308, null %310 = getelementptr %struct.rb_node, %struct.rb_node* %308, i64 -1, i32 2 %311 = bitcast %struct.rb_node** %310 to %struct.fname* %312 = select i1 %309, %struct.fname* null, %struct.fname* %311 %313 = icmp eq %struct.fname* %306, null br i1 %313, label %303, label %314 %315 = phi %struct.fname* [ %317, %314 ], [ %306, %305 ] %316 = getelementptr inbounds %struct.fname, %struct.fname* %315, i64 0, i32 3 %317 = load %struct.fname*, %struct.fname** %316, align 8 %318 = bitcast %struct.fname* %315 to i8* tail call void @kfree(i8* nonnull %318) #69 %319 = icmp eq %struct.fname* %317, null br i1 %319, label %303, label %314 %304 = icmp eq %struct.fname* %312, null br i1 %304, label %320, label %305 %321 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %321, align 8 %322 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %323 = load volatile i64, i64* %322, align 8 br label %324 %325 = phi i64 [ %323, %320 ], [ %331, %329 ] %326 = and i64 %325, 1 %327 = 
icmp eq i64 %326, 0 br i1 %327, label %329, label %328 %330 = or i64 %325, 1 %331 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %322, i64 %330, i64 %325, i64* %322) #6, !srcloc !6 %332 = icmp eq i64 %331, %325 br i1 %332, label %333, label %324, !prof !7, !misexpect !8 %334 = lshr i64 %325, 1 %335 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 store i64 %334, i64* %335, align 8 %336 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 %337 = load i32, i32* %336, align 8 %338 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 %339 = load i32, i32* %338, align 4 %340 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %341 = tail call i32 @ext4_htree_fill_tree(%struct.file.100641* %0, i32 %337, i32 %339, i32* %340) #69 %342 = icmp slt i32 %341, 0 br i1 %342, label %343, label %345 %346 = icmp eq i32 %341, 0 br i1 %346, label %347, label %363 %364 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %295) #69 store %struct.rb_node* %364, %struct.rb_node** %285, align 8 %365 = bitcast %struct.rb_node* %364 to i8* br label %366 %367 = phi i8* [ %282, %287 ], [ %365, %363 ] %368 = phi i32 [ %284, %287 ], [ %341, %363 ] %369 = getelementptr i8, i8* %367, i64 -8 %370 = bitcast i8* %369 to %struct.fname* %371 = bitcast i8* %369 to i32* %372 = load i32, i32* %371, align 8 %373 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 store i32 %372, i32* %373, align 8 %374 = getelementptr i8, i8* %367, i64 -4 %375 = bitcast i8* %374 to i32* %376 = load i32, i32* %375, align 4 %377 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 store i32 %376, i32* %377, align 4 
%378 = load %struct.dir_private_info*, %struct.dir_private_info** %48, align 8 %379 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %380 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %379, i64 0, i32 8 %381 = load %struct.super_block.100615*, %struct.super_block.100615** %380, align 8 %382 = icmp eq i8* %369, null br i1 %382, label %383, label %388 %384 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %379, i64 0, i32 11 %385 = load i64, i64* %384, align 8 %386 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %387 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %386, i64 0, i32 79, i64 0 tail call void (%struct.super_block.100615*, i8*, i8*, ...) bitcast (void (%struct.super_block.166754*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.100615*, i8*, i8*, ...)*)(%struct.super_block.100615* %381, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.10.16672, i64 0, i64 0), i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.11.16673, i64 0, i64 0), i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.call_filldir, i64 0, i64 0), i32 516, i64 %385, i8* %387) #69 ------------- Good: 800 Bad: 7 Ignored: 644 Check Use of Function:security_sem_semop Check Use of Function:proc_lookupfd Check Use of Function:scsi_try_bus_reset Check Use of Function:extract_entropy Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 
1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, 
%struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof 
!4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq 
%struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, 
i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* %77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load 
volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, 
%struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label 
%17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call 
fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* 
%28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 
Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, 
align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = 
getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu 
to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* 
blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, 
!misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof 
!4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, 
i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, 
%struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition 
code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds 
%struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void 
(%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 
= load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label 
%70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, 
%struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) 
#69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, 
%struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) 
#69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* 
nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, 
%struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, 
%47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, 
align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, 
i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, 
%struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull 
@xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 
8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call 
fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ 
null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to 
%struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = 
getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, 
align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = 
bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", 
"=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast 
%struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, 
align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, 
%struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, 
label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load 
i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast 
(i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* 
%34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label 
%169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, 
%struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, 
null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, 
i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, 
label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call 
void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail 
call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, 
i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi 
%struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load 
%struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 
%142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 
4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 
= phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq 
i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* 
@crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 
= getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, 
label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 
0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load 
i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, 
%struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void 
asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 
(%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, 
${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* 
%78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 
32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, 
i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, 
%struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void 
@_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = 
load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 
0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, 
align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", 
"=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** 
store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult 
i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 
= xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label 
%52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, 
%83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 
%131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, 
i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) 
#69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, 
i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = 
and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, 
!prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* 
nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 
0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, 
label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], 
[ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label 
%130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, 
i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 
@import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = 
bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull 
%52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, 
align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_remove_exception_rt 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br 
i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %31 = bitcast i64* %3 to i8* %32 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %32, label %33, label %34, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* 
@base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 rt6_update_exception_stamp_rt 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.684681* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.684758* %0, %struct.sock.685106* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %7 = icmp eq %struct.ipv6hdr* %2, null br i1 %7, label %10, label %8 %11 = icmp eq %struct.sock.685106* %1, null br i1 %11, label %16, label %12 %13 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 10 %14 = getelementptr inbounds %struct.sock.685106, %struct.sock.685106* %1, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 br label %16 %17 = phi %struct.in6_addr* [ %9, %8 ], [ null, %10 ], [ %13, %12 ] br i1 %4, label %18, label %26 %19 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %20 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %19, align 8 %21 = getelementptr inbounds %struct.dst_ops.684756, %struct.dst_ops.684756* %20, i64 0, i32 15 %22 = load void (%struct.dst_entry.684758*, i8*)*, void (%struct.dst_entry.684758*, i8*)** %21, align 16 %23 = icmp eq void (%struct.dst_entry.684758*, i8*)* %22, null br i1 %23, label %26, label %24 %25 = bitcast %struct.in6_addr* %17 to i8* tail call void %22(%struct.dst_entry.684758* %0, i8* %25) #69 br label %26 %27 = icmp ugt i32 %3, 1280 %28 = select i1 %27, i32 %3, i32 1280 %29 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 1 %30 = load %struct.dst_ops.684756*, %struct.dst_ops.684756** %29, align 8 %31 = getelementptr inbounds 
%struct.dst_ops.684756, %struct.dst_ops.684756* %30, i64 0, i32 5 %32 = load i32 (%struct.dst_entry.684758*)*, i32 (%struct.dst_entry.684758*)** %31, align 32 %33 = tail call i32 %32(%struct.dst_entry.684758* %0) #69 %34 = icmp ult i32 %28, %33 br i1 %34, label %35, label %185 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %37 = bitcast %struct.dst_entry.684758* %36 to i64* %38 = load volatile i64, i64* %37, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %39 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %40 = bitcast i64* %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %49 %50 = getelementptr %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 0 %51 = load %struct.net_device.684854*, %struct.net_device.684854** %50, align 8 %52 = getelementptr inbounds %struct.net_device.684854, %struct.net_device.684854* %51, i64 0, i32 107, i32 0 %53 = load %struct.net.684933*, %struct.net.684933** %52, align 8 %54 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 2 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58, !prof !6, !misexpect !7 %59 = and i64 %55, 1 %60 = icmp eq i64 %59, 0 br i1 %60, label %66, label %61 %67 = and i64 %55, -4 %68 = inttoptr i64 %67 to i32* br label %69 %70 = phi i32* [ %65, %61 ], [ %68, %66 ] %71 = icmp eq i32* %70, null br i1 %71, label %74, label %72 %73 = getelementptr i32, i32* %70, i64 1 store i32 %28, i32* %73, align 4 br label %74 %75 = load i32, i32* %40, align 8 %76 = or i32 %75, 32 store i32 %76, i32* %40, align 8 %77 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %53, i64 0, i32 34, i32 0, i32 12 %78 = load i32, i32* 
%77, align 4 %79 = and i32 %75, 4194304 %80 = icmp eq i32 %79, 0 br i1 %80, label %81, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %82 = load volatile i64, i64* %37, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %89, label %84 %85 = inttoptr i64 %82 to %struct.fib6_info.684763* %86 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %85, i64 0, i32 6 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 store i64 %87, i64* %88, align 8 br label %89 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %90 %91 = load volatile i64, i64* @jiffies, align 64 %92 = sext i32 %78 to i64 %93 = add i64 %91, %92 %94 = icmp eq i64 %93, 0 %95 = select i1 %94, i64 1, i64 %93 %96 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 3 %97 = load i64, i64* %96, align 8 %98 = icmp eq i64 %97, 0 %99 = sub i64 %95, %97 %100 = icmp slt i64 %99, 0 %101 = or i1 %98, %100 br i1 %101, label %102, label %103 %104 = load i32, i32* %40, align 8 %105 = or i32 %104, 4194304 store i32 %105, i32* %40, align 8 %106 = and i32 %104, 16777216 %107 = icmp eq i32 %106, 0 br i1 %107, label %185, label %108 tail call fastcc void @rt6_update_exception_stamp_rt(%struct.rt6_info.684760* %6) #70 Function:rt6_update_exception_stamp_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 
%11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %19 = inttoptr i64 %17 to %struct.rt6_exception_bucket* %20 = icmp ne i64 %17, 0 %21 = icmp ne %struct.in6_addr* %18, null %22 = and i1 %21, %20 br i1 %22, label %23, label %69 %24 = bitcast %struct.anon.202* %2 to i8* %25 = bitcast %struct.in6_addr* %18 to i8* %26 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %27 = bitcast %struct.in6_addr* %26 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_update_exception_stamp_rt, %28)) #6 to label %33 [label %28], !srcloc !5 %29 = bitcast i64* %3 to i8* %30 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %3) #69 br i1 %30, label %31, label %32, !prof !6, !misexpect !7 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = 
getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, 
%struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, 
align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* 
%0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* 
%19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, 
align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, 
{ %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* 
nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = 
load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 
= bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label 
%461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 
%131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 
@__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr 
%struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* 
%213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = 
and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ 
%47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = 
and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 
], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds 
%struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 
Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr 
%struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds 
%struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = 
getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, 
%struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label 
%11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, 
%struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, 
%struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* 
blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 
__ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, 
i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, 
i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load 
volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, 
%struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = 
and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = 
load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, 
!misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void 
asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 
[ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr 
inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = 
icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 
to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, 
%struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, 
null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* 
%0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 
8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, 
i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* 
[ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 
%77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, 
i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 
], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** 
%94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, 
i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = 
icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds 
%struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, %struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, 
%struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, 
i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 
to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void 
@crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 __netdev_pick_tx 6 netdev_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, 
%struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = 
load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 %64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, 
i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = 
getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 
= call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = 
zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %159 = and i64 %148, 1 %160 = icmp ne i64 %159, 0 %161 = icmp ugt i64 %148, 1 %162 = and i1 %161, %160 br i1 %162, label %163, label %182 %164 = and i64 %148, -2 %165 = inttoptr i64 %164 to %struct.dst_entry.588901* %166 = getelementptr inbounds %struct.dst_entry.588901, %struct.dst_entry.588901* %165, i64 0, i32 11, i32 0 %167 = load 
volatile i32, i32* %166, align 4 %168 = icmp eq i32 %167, 0 br i1 %168, label %179, label %169, !prof !8, !misexpect !5 %170 = phi i32 [ %177, %176 ], [ %167, %163 ] %171 = add i32 %170, 1 %172 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %166, i32 %171, i32* %166, i32 %170) #6, !srcloc !10 %173 = extractvalue { i8, i32 } %172, 0 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %176, label %179, !prof !8, !misexpect !5 %177 = extractvalue { i8, i32 } %172, 1 %178 = icmp eq i32 %177, 0 br i1 %178, label %179, label %169, !prof !8, !misexpect !5 %180 = phi %struct.dst_entry.588901* [ null, %163 ], [ %165, %169 ], [ null, %176 ] %181 = ptrtoint %struct.dst_entry.588901* %180 to i64 store i64 %181, i64* %147, align 8 br label %182 %183 = call %struct.netdev_queue.589064* @netdev_pick_tx(%struct.net_device.589093* %7, %struct.sk_buff.589108* %0, %struct.net_device.589093* %1) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 24, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.589019*, %struct.net_device_ops.589019** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.589019, 
%struct.net_device_ops.589019* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*, i16 (%struct.net_device.589093*, %struct.sk_buff.589108*, %struct.net_device.589093*)*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @__netdev_pick_tx(%struct.net_device.589093* %0, %struct.sk_buff.589108* %1, %struct.net_device.589093* %2) #70 Function:__netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 %6 = icmp eq %struct.sock.588906* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.589093* %2, null %14 = select i1 %13, %struct.net_device.589093* %0, %struct.net_device.589093* %2 br label %26 %27 = phi %struct.net_device.589093* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.589093* %0, %struct.net_device.589093* %27, %struct.sk_buff.589108* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.588906*, %struct.sock.588906** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label 
%6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.588906* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.588906, %struct.sock.588906* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %75 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %1, i64 0, i32 94 %76 = bitcast %struct.xps_dev_maps** %75 to i64* %77 = load volatile i64, i64* %76, align 8 %78 = inttoptr i64 %77 to %struct.xps_dev_maps* %79 = icmp eq i64 %77, 0 br i1 %79, label %134, label %80 %81 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 24, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, -1 %84 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 115 %85 = load i16, i16* %84, align 2 %86 = icmp eq i16 %85, 0 br i1 %86, label %98, label %87 %88 = sext i16 %85 to i32 %89 = mul i32 %83, %88 %90 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 19 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 15 %93 = zext i32 %92 to i64 %94 = getelementptr %struct.net_device.589093, %struct.net_device.589093* %0, i64 0, i32 
117, i64 %93 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = add i32 %89, %96 br label %98 %99 = phi i32 [ %97, %87 ], [ %83, %80 ] %100 = zext i32 %99 to i64 %101 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %78, i64 0, i32 1, i64 %100 %102 = bitcast %struct.xps_map** %101 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.xps_map* %105 = icmp eq i64 %103, 0 br i1 %105, label %134, label %106 %107 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %104, i64 0, i32 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 br i1 %109, label %125, label %110 %111 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %2, i64 0, i32 16 %112 = load i32, i32* %111, align 8 %113 = and i32 %112, 768 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %117 tail call void bitcast (void (%struct.sk_buff.587842*)* @__skb_get_hash to void (%struct.sk_buff.589108*)*)(%struct.sk_buff.589108* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = 
alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label 
%30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: 
=BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp 
ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and 
i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds 
%struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) 
#6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 
8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 
%4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov 
%gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, 
%struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds 
%struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_vfork ------------- Path:  Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = 
alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = 
getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* 
@cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, 
align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 
8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 
%15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, 
i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, 
i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, 
label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, 
label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = 
getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_u64 3 copy_process 4 _do_fork 5 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail 
call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* 
asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, 
%struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %167 = getelementptr inbounds i8, i8* %90, i64 1784 %168 = bitcast i8* %167 to %struct.seccomp_filter** store %struct.seccomp_filter* null, %struct.seccomp_filter** %168, align 8 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull %90, i8 -9, i8* nonnull %90) #6, !srcloc !10 %169 = load i64*, i64** %137, align 8 store i64 1470918301, i64* %169, align 8 %170 = call i64 @get_random_u64() #69 Function:get_random_u64 %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = load i32, i32* @crng_init, align 4 %5 = icmp ugt i32 %4, 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = bitcast i64* %1 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %1) #6, !srcloc !6 %9 = load i64, i64* %1, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.batch_u64* nonnull @batched_entropy_u64) #6, !srcloc !8 %11 = inttoptr i64 %10 to %struct.batch_u64* %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 2), align 8 %13 = getelementptr inbounds 
%struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 2 %14 = load i32, i32* %13, align 8 %15 = icmp ugt i32 %14, 11 br i1 %15, label %20, label %16 %17 = getelementptr inbounds %struct.batch_u64, %struct.batch_u64* %11, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp eq i64 %12, %18 br i1 %19, label %23, label %20 %21 = inttoptr i64 %10 to i8* call fastcc void @_get_random_bytes(i8* %21, i64 96) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 
x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 
@import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect 
!5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.94.324358, %struct.anon.94.324358* @base_crng, i64 0, 
i32 0, i64 0)) #70 ------------- Good: 1278 Bad: 38 Ignored: 2072 Check Use of Function:dm_pr_preempt Check Use of Function:commit_creds Check Use of Function:posix_acl_xattr_get Check Use of Function:tcp_abort Check Use of Function:__fsnotify_parent Use: =BAD PATH= Call Stack: 0 security_file_permission 1 do_clone_file_range 2 vfs_clone_file_range 3 do_vfs_ioctl 4 __ia32_sys_ioctl ------------- Path:  Function:__ia32_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.124588* %14 = icmp eq i64 %12, 0 br i1 %14, label %25, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %20 %19 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, 
label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 
-32768 br i1 %11, label %12, label %16 %17 = tail call i32 @do_clone_file_range(%struct.file.39652* %0, i64 %1, %struct.file.39652* %2, i64 %3, i64 %4) #70 Function:do_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %9 = load %struct.inode.39644*, %struct.inode.39644** %8, align 8 %10 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, -4096 %13 = icmp eq i16 %12, 16384 br i1 %13, label %151, label %14 %15 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 0 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, -4096 %18 = icmp eq i16 %17, 16384 br i1 %18, label %151, label %19 %20 = icmp eq i16 %12, -32768 %21 = icmp eq i16 %17, -32768 %22 = and i1 %20, %21 br i1 %22, label %23, label %151 %24 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %25 = load %struct.super_block.39641*, %struct.super_block.39641** %24, align 8 %26 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 8 %27 = load %struct.super_block.39641*, %struct.super_block.39641** %26, align 8 %28 = icmp eq %struct.super_block.39641* %25, %27 br i1 %28, label %29, label %151 %30 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %151, label %34 %35 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 8 %36 = load i32, i32* %35, align 4 %37 = and i32 %36, 2 %38 = icmp eq i32 %37, 0 br i1 %38, label %151, label %39 %40 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 7 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 1024 %43 = icmp eq i32 
%42, 0 br i1 %43, label %44, label %151 %45 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 3 %46 = load %struct.file_operations.39492*, %struct.file_operations.39492** %45, align 8 %47 = getelementptr inbounds %struct.file_operations.39492, %struct.file_operations.39492* %46, i64 0, i32 29 %48 = load i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)*, i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)** %47, align 8 %49 = icmp eq i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* %48, null br i1 %49, label %151, label %50 %51 = icmp sgt i64 %1, -1 br i1 %51, label %52, label %151, !prof !4, !misexpect !5 %53 = add i64 %4, %1 %54 = icmp sgt i64 %53, -1 br i1 %54, label %55, label %151, !prof !4, !misexpect !5 %56 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 39 %57 = load %struct.file_lock_context*, %struct.file_lock_context** %56, align 8 %58 = icmp eq %struct.file_lock_context* %57, null br i1 %58, label %73, label %59 %60 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %25, i64 0, i32 10 %61 = load i64, i64* %60, align 16 %62 = and i64 %61, 64 %63 = icmp ne i64 %62, 0 %64 = and i16 %11, 1032 %65 = icmp eq i16 %64, 1024 %66 = and i1 %65, %63 br i1 %66, label %67, label %73, !prof !6 %74 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %0, i32 4) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr 
inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 do_clone_file_range 2 vfs_clone_file_range 3 do_vfs_ioctl 4 __x64_sys_ioctl ------------- Path:  Function:__x64_sys_ioctl %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = tail call i64 @__fdget(i32 %8) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.124588* %13 = icmp eq i64 %11, 0 br i1 %13, label %24, label %14 %15 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %12, i32 %9, i64 %7) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %19 %18 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %12, i32 %8, i32 %9, i64 %7) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, 
%struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, -32768 br i1 %11, label %12, label %16 %17 = tail call i32 @do_clone_file_range(%struct.file.39652* %0, i64 %1, %struct.file.39652* %2, i64 %3, i64 %4) #70 Function:do_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %9 = load %struct.inode.39644*, 
%struct.inode.39644** %8, align 8 %10 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, -4096 %13 = icmp eq i16 %12, 16384 br i1 %13, label %151, label %14 %15 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 0 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, -4096 %18 = icmp eq i16 %17, 16384 br i1 %18, label %151, label %19 %20 = icmp eq i16 %12, -32768 %21 = icmp eq i16 %17, -32768 %22 = and i1 %20, %21 br i1 %22, label %23, label %151 %24 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %25 = load %struct.super_block.39641*, %struct.super_block.39641** %24, align 8 %26 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 8 %27 = load %struct.super_block.39641*, %struct.super_block.39641** %26, align 8 %28 = icmp eq %struct.super_block.39641* %25, %27 br i1 %28, label %29, label %151 %30 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %151, label %34 %35 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 8 %36 = load i32, i32* %35, align 4 %37 = and i32 %36, 2 %38 = icmp eq i32 %37, 0 br i1 %38, label %151, label %39 %40 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 7 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 1024 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %151 %45 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 3 %46 = load %struct.file_operations.39492*, %struct.file_operations.39492** %45, align 8 %47 = getelementptr inbounds %struct.file_operations.39492, %struct.file_operations.39492* %46, i64 0, i32 29 %48 = load i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)*, i32 (%struct.file.39652*, i64, %struct.file.39652*, 
i64, i64)** %47, align 8 %49 = icmp eq i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* %48, null br i1 %49, label %151, label %50 %51 = icmp sgt i64 %1, -1 br i1 %51, label %52, label %151, !prof !4, !misexpect !5 %53 = add i64 %4, %1 %54 = icmp sgt i64 %53, -1 br i1 %54, label %55, label %151, !prof !4, !misexpect !5 %56 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 39 %57 = load %struct.file_lock_context*, %struct.file_lock_context** %56, align 8 %58 = icmp eq %struct.file_lock_context* %57, null br i1 %58, label %73, label %59 %60 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %25, i64 0, i32 10 %61 = load i64, i64* %60, align 16 %62 = and i64 %61, 64 %63 = icmp ne i64 %62, 0 %64 = and i16 %11, 1032 %65 = icmp eq i16 %64, 1024 %66 = and i1 %65, %63 br i1 %66, label %67, label %73, !prof !6 %74 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %0, i32 4) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to 
%struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 do_clone_file_range 2 vfs_clone_file_range 3 do_vfs_ioctl 4 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 
%9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = 
getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %1207 = tail call i32 bitcast (i32 (%struct.file.124588*, i32, i32, i64)* @do_vfs_ioctl to i32 (%struct.file.140166*, i32, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 
-1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, 
%struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, -32768 br i1 %11, label %12, label %16 %17 = tail call i32 @do_clone_file_range(%struct.file.39652* %0, i64 %1, %struct.file.39652* %2, i64 %3, i64 %4) #70 Function:do_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %9 = load %struct.inode.39644*, %struct.inode.39644** %8, align 8 %10 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, -4096 %13 = icmp eq i16 %12, 16384 br i1 %13, label %151, label %14 %15 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 0 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, -4096 %18 = icmp eq i16 %17, 16384 br i1 %18, label %151, label %19 %20 = icmp eq i16 %12, -32768 %21 = icmp eq i16 %17, -32768 %22 = and i1 %20, %21 br i1 %22, label %23, label %151 %24 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %25 = load %struct.super_block.39641*, %struct.super_block.39641** %24, align 8 %26 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %9, i64 0, i32 8 %27 = load %struct.super_block.39641*, %struct.super_block.39641** %26, align 8 %28 = icmp eq %struct.super_block.39641* %25, %27 br i1 %28, label %29, label %151 %30 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %151, label %34 %35 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 8 %36 = load i32, i32* %35, align 4 %37 = and i32 %36, 2 %38 = icmp eq i32 %37, 0 br i1 %38, label %151, label %39 %40 = getelementptr inbounds 
%struct.file.39652, %struct.file.39652* %2, i64 0, i32 7 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 1024 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %151 %45 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 3 %46 = load %struct.file_operations.39492*, %struct.file_operations.39492** %45, align 8 %47 = getelementptr inbounds %struct.file_operations.39492, %struct.file_operations.39492* %46, i64 0, i32 29 %48 = load i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)*, i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)** %47, align 8 %49 = icmp eq i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* %48, null br i1 %49, label %151, label %50 %51 = icmp sgt i64 %1, -1 br i1 %51, label %52, label %151, !prof !4, !misexpect !5 %53 = add i64 %4, %1 %54 = icmp sgt i64 %53, -1 br i1 %54, label %55, label %151, !prof !4, !misexpect !5 %56 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 39 %57 = load %struct.file_lock_context*, %struct.file_lock_context** %56, align 8 %58 = icmp eq %struct.file_lock_context* %57, null br i1 %58, label %73, label %59 %60 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %25, i64 0, i32 10 %61 = load i64, i64* %60, align 16 %62 = and i64 %61, 64 %63 = icmp ne i64 %62, 0 %64 = and i16 %11, 1032 %65 = icmp eq i16 %64, 1024 %66 = and i1 %65, %63 br i1 %66, label %67, label %73, !prof !6 %74 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %0, i32 4) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* 
%3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 
rw_verify_area 2 vfs_read 3 __ia32_sys_pread64 ------------- Path:  Function:__ia32_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.39652* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_read(%struct.file.39652* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 
= icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load 
%struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** 
%36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 __x64_sys_pread64 ------------- Path:  Function:__x64_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.39652* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_read(%struct.file.39652* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** 
@current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, 
label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, 
label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 ksys_pread64 4 __ia32_compat_sys_x86_pread ------------- Path:  Function:__ia32_compat_sys_x86_pread %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pread64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pread64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.39652* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 
8 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_read(%struct.file.39652* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* 
%29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq 
%struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __ia32_sys_pwrite64 ------------- Path:  Function:__ia32_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 
%13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.39652* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_write(%struct.file.39652* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, 
%struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** 
%8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __x64_sys_pwrite64 ------------- Path:  Function:__x64_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.39652* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_write(%struct.file.39652* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, 
!prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 
], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 ksys_pwrite64 4 __ia32_compat_sys_x86_pwrite ------------- Path:  
Function:__ia32_compat_sys_x86_pwrite %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pwrite64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pwrite64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.39652* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_write(%struct.file.39652* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = 
getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 %36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = 
select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 
br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.230059*, %struct.file.230059** @redirect, align 8 %6 = icmp eq %struct.file.230059* %5, null br i1 %6, label %11, label %7 %8 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %5, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %5, i64 0, i32 10 %10 = tail call i64 bitcast (i64 (%struct.file.39652*, i8*, i64, i64*)* @vfs_write to i64 (%struct.file.230059*, i8*, i64, i64*)*)(%struct.file.230059* nonnull %5, i8* %1, i64 %2, i64* %9) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label 
%74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 2 %6 = load %struct.inode.39644*, %struct.inode.39644** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %54, !prof !4, !misexpect !5 %9 = load i64, i64* %2, align 8 %10 = icmp sgt i64 %9, -1 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = add nuw i64 %9, %3 %21 = icmp sgt i64 %20, -1 br i1 %21, label %27, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %1, i64 0, i32 8 %24 = load i32, i32* %23, align 4 %25 = and i32 %24, 8192 %26 = icmp eq i32 %25, 0 br i1 %26, label %54, label %27 %28 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 39 %29 = load %struct.file_lock_context*, %struct.file_lock_context** %28, align 8 %30 = icmp eq %struct.file_lock_context* %29, null br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 8 %33 = load %struct.super_block.39641*, %struct.super_block.39641** %32, align 8 %34 = getelementptr inbounds %struct.super_block.39641, %struct.super_block.39641* %33, i64 0, i32 10 %35 = load i64, i64* %34, align 16 
%36 = and i64 %35, 64 %37 = icmp eq i64 %36, 0 br i1 %37, label %50, label %38 %39 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %6, i64 0, i32 0 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 1032 %42 = icmp eq i16 %41, 1024 br i1 %42, label %43, label %50, !prof !6, !misexpect !5 %51 = icmp eq i32 %0, 0 %52 = select i1 %51, i32 4, i32 2 %53 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.39652*, i32)*)(%struct.file.39652* %1, i32 %52) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, 
%struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __ia32_sys_fallocate ------------- Path:  Function:__ia32_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.120508* %14 = icmp eq i64 %12, 0 br i1 %14, label %23, label %15 %16 = and i64 %9, 4294967295 %17 = and i64 %7, 4294967295 %18 = trunc i64 %5 to i32 %19 = tail call i32 @vfs_fallocate(%struct.file.120508* nonnull %13, i32 %18, i64 %17, i64 %16) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 2 %6 = load %struct.inode.120727*, %struct.inode.120727** %5, align 8 %7 = icmp 
slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %124, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %124, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %124 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %124 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %124 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %124, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %124 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %124 %56 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.120508*, i32)*)(%struct.file.120508* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr 
inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __x64_sys_fallocate ------------- Path:  Function:__x64_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.120508* %14 = icmp eq i64 %12, 0 br i1 %14, label %21, label %15 %16 = trunc i64 %5 to i32 %17 = tail call i32 @vfs_fallocate(%struct.file.120508* nonnull %13, i32 %16, i64 %7, i64 %9) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 2 %6 = load %struct.inode.120727*, %struct.inode.120727** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %124, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %124, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %124 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %124 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %124 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %124, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 
%46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %124 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %124 %56 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.120508*, i32)*)(%struct.file.120508* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 
%24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 ksys_fallocate 3 __ia32_compat_sys_x86_fallocate ------------- Path:  Function:__ia32_compat_sys_x86_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = shl i64 %10, 32 %19 = or i64 %18, %8 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = tail call i32 @ksys_fallocate(i32 %16, i32 %17, i64 %19, i64 %21) #69 Function:ksys_fallocate %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.120508* %8 = icmp eq i64 %6, 0 
br i1 %8, label %14, label %9 %10 = tail call i32 @vfs_fallocate(%struct.file.120508* nonnull %7, i32 %1, i64 %2, i64 %3) #70 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 2 %6 = load %struct.inode.120727*, %struct.inode.120727** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %124, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %124, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %124 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %124 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %124 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %124, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %124 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %124 %56 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.120508*, i32)*)(%struct.file.120508* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds 
(%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 
(%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca %struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 %17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* 
asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* %44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, 
%struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, 
label %124 i32 8, label %206 i32 4, label %206 ] store %struct.vm_area_struct.115591* null, %struct.vm_area_struct.115591** %7, align 8 %91 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 8 %92 = load i64, i64* %91, align 8 %93 = and i64 %92, 8192 %94 = icmp eq i64 %93, 0 br i1 %94, label %95, label %373 %96 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %97 = load %struct.file.115359*, %struct.file.115359** %96, align 8 %98 = icmp eq %struct.file.115359* %97, null br i1 %98, label %373, label %99 %100 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %97, i64 0, i32 19 %101 = load %struct.address_space.115581*, %struct.address_space.115581** %100, align 8 %102 = icmp eq %struct.address_space.115581* %101, null br i1 %102, label %373, label %103 %104 = getelementptr inbounds %struct.address_space.115581, %struct.address_space.115581* %101, i64 0, i32 0 %105 = load %struct.inode.115574*, %struct.inode.115574** %104, align 8 %106 = icmp eq %struct.inode.115574* %105, null br i1 %106, label %373, label %107 %108 = and i64 %92, 10 %109 = icmp eq i64 %108, 10 br i1 %109, label %110, label %373 %111 = load i64, i64* %78, align 8 %112 = sub i64 %85, %111 %113 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 13 %114 = load i64, i64* %113, align 8 %115 = shl i64 %114, 12 %116 = add i64 %112, %115 %117 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %97, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %117, i64* %117) #6, !srcloc !5 %118 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %119 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %118, i64 0, i32 0, i32 16 call 
void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %119) #69 %120 = sub i64 %89, %85 %121 = call i32 bitcast (i32 (%struct.file.120508*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.115359*, i32, i64, i64)*)(%struct.file.115359* nonnull %97, i32 3, i64 %116, i64 %120) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 2 %6 = load %struct.inode.120727*, %struct.inode.120727** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %124, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %124, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %124 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %124 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %124 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %124, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %124 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %124 %56 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 
(%struct.file.120508*, i32)*)(%struct.file.120508* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 = and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds 
%struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca %struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 %17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 
7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* %44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, 
i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 
0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, label %124 i32 8, label %206 i32 4, label %206 ] store %struct.vm_area_struct.115591* null, %struct.vm_area_struct.115591** %7, align 8 %91 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 8 %92 = load i64, i64* %91, align 8 %93 = and i64 %92, 8192 %94 = icmp eq i64 %93, 0 br i1 %94, label %95, label %373 %96 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %97 = load %struct.file.115359*, %struct.file.115359** %96, align 8 %98 = icmp eq %struct.file.115359* %97, null br i1 %98, label %373, label %99 %100 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %97, i64 0, i32 19 %101 = load %struct.address_space.115581*, %struct.address_space.115581** %100, align 8 %102 = icmp eq %struct.address_space.115581* %101, null br i1 %102, label %373, label %103 %104 = getelementptr inbounds %struct.address_space.115581, %struct.address_space.115581* %101, i64 0, i32 0 %105 = load %struct.inode.115574*, %struct.inode.115574** %104, align 8 %106 = icmp eq %struct.inode.115574* %105, null br i1 %106, label %373, label %107 %108 = and i64 %92, 10 %109 = icmp eq i64 %108, 10 br i1 %109, label %110, label %373 %111 = load i64, i64* %78, align 8 %112 = sub i64 %85, %111 %113 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 13 %114 = load i64, i64* %113, align 8 %115 = shl i64 %114, 12 %116 = add i64 %112, %115 %117 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %97, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %117, i64* %117) #6, !srcloc !5 %118 = load 
%struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %119 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %118, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %119) #69 %120 = sub i64 %89, %85 %121 = call i32 bitcast (i32 (%struct.file.120508*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.115359*, i32, i64, i64)*)(%struct.file.115359* nonnull %97, i32 3, i64 %116, i64 %120) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 2 %6 = load %struct.inode.120727*, %struct.inode.120727** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %124, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %124, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %124 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %124 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %124 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %124, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %124 %53 = and 
i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %124 %56 = tail call i32 bitcast (i32 (%struct.file.229025*, i32)* @security_file_permission to i32 (%struct.file.120508*, i32)*)(%struct.file.120508* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 62, i32 0) to %struct.security_hook_list.229313**), align 8 %4 = icmp eq %struct.security_hook_list.229313* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list.229313* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list.229313, %struct.security_hook_list.229313* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options.229312* %7 to i32 (%struct.file.229025*, i32)** %9 = load i32 (%struct.file.229025*, i32)*, i32 (%struct.file.229025*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.229025* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %43 %13 = bitcast %struct.security_hook_list.229313* %6 to %struct.security_hook_list.229313** %14 = load %struct.security_hook_list.229313*, %struct.security_hook_list.229313** %13, align 8 %15 = icmp eq %struct.security_hook_list.229313* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 2 %19 = load %struct.inode.229204*, %struct.inode.229204** %18, align 8 %20 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %43, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %34 %31 
= and i32 %1, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %34 %35 = phi i32 [ 65536, %27 ], [ 131072, %30 ] %36 = getelementptr inbounds %struct.file.229025, %struct.file.229025* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.229191*, %struct.dentry.229191** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.228955*, %struct.dentry.229191*, i32)*)(%struct.path.228955* %17, %struct.dentry.229191* %37, i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 generic_file_write_iter ------------- Path:  Function:generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 24 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %9) #69 %10 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 19 %12 = load %struct.address_space.100583*, %struct.address_space.100583** %11, align 8 %13 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %12, i64 0, i32 0 %14 = load %struct.inode.100633*, %struct.inode.100633** %13, align 8 %15 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %15, i64 0, i32 86 %17 = load %struct.signal_struct.100439*, %struct.signal_struct.100439** %16, align 64 %18 = getelementptr %struct.signal_struct.100439, %struct.signal_struct.100439* %17, i64 0, i32 50, i64 1, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %81, label %23 %24 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %31 %32 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 store i64 %33, i64* %34, align 8 br label %35 %36 = phi i64 [ %30, %28 ], [ %33, %31 ] %37 = and i32 %25, 132 %38 = icmp eq i32 %37, 128 br i1 %38, label %81, label %39 %40 = icmp eq i64 %19, -1 br i1 %40, label %41, label %43 %44 = icmp ugt i64 %19, %36 br i1 %44, label %47, label %45 %48 = sub i64 %19, %36 %49 = load i64, i64* %20, align 8 %50 = icmp ugt i64 %49, %48 br i1 %50, label %51, label %52 store i64 %48, i64* %20, align 8 br label %52 %53 = phi i64 [ %42, %41 ], [ %48, %51 ], [ %49, %47 ] %54 = add i64 %53, %36 %55 = icmp ugt i64 %54, 2147483647 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 7 %58 = load i32, i32* %57, align 8 %59 = trunc i32 %58 to i16 %60 = icmp slt i16 %59, 0 br i1 %60, label %67, label %61, !prof !5, !misexpect !6 %62 = icmp ugt i64 %36, 2147483646 br i1 %62, label %81, label %63 %64 = sub nuw nsw i64 2147483647, %36 %65 = icmp ugt i64 
%53, %64 br i1 %65, label %66, label %67 store i64 %64, i64* %20, align 8 br label %67 %68 = phi i64 [ %64, %66 ], [ %53, %63 ], [ %53, %52 ], [ %53, %56 ] %69 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 8 %70 = load %struct.super_block.100615*, %struct.super_block.100615** %69, align 8 %71 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = icmp sgt i64 %72, %36 br i1 %73, label %74, label %81, !prof !5, !misexpect !6 %75 = sub i64 %72, %36 %76 = icmp ugt i64 %68, %75 br i1 %76, label %77, label %78 %79 = phi i64 [ %68, %74 ], [ %75, %77 ] %80 = icmp sgt i64 %79, 0 br i1 %80, label %83, label %81 %84 = tail call i64 @__generic_file_write_iter(%struct.kiocb.100573* %0, %struct.iov_iter* %1) #70 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail 
call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and 
i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", 
"i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, 
%struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label 
%233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds %struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 br label %187 %188 = phi i32 [ %184, %183 ], [ %186, %185 ] %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %233 %191 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %192 = shl i32 %124, 1 %193 = and i32 %192, 4 
%194 = select i1 %137, i32 %193, i32 4 %195 = or i32 %194, 2 %196 = lshr i32 %124, 2 %197 = and i32 %196, 2 %198 = or i32 %194, %197 %199 = and i32 %124, 48 %200 = icmp eq i32 %199, 48 br i1 %200, label %201, label %203 %204 = and i32 %124, 16 %205 = icmp eq i32 %204, 0 br i1 %205, label %208, label %206 %209 = and i32 %124, 32 %210 = icmp eq i32 %209, 0 %211 = select i1 %210, i32 %198, i32 %195 br label %212 %213 = phi i32 [ %202, %201 ], [ %207, %206 ], [ %211, %208 ] %214 = shl i32 %124, 2 %215 = and i32 %214, 4 %216 = or i32 %213, %215 %217 = icmp eq i32 %216, 0 br i1 %217, label %233, label %218 %219 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %191, i64 0, i32 0 %220 = load i16, i16* %219, align 8 %221 = and i16 %220, -4096 %222 = icmp eq i16 %221, 16384 %223 = or i32 %216, 1073741824 %224 = select i1 %222, i32 %223, i32 %216 %225 = icmp eq %struct.dentry.126744* %0, null br i1 %225, label %226, label %228 %227 = load %struct.dentry.126744*, %struct.dentry.126744** inttoptr (i64 8 to %struct.dentry.126744**), align 8 br label %228 %229 = phi %struct.dentry.126744* [ %0, %218 ], [ %227, %226 ] %230 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.126591*, %struct.dentry.126744*, i32)*)(%struct.path.126591* null, %struct.dentry.126744* %229, i32 %224) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %5 = load %struct.file.133631*, %struct.file.133631** %4, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %5, i64 0, i32 19 %7 = load %struct.address_space.133508*, %struct.address_space.133508** %6, align 8 %8 = getelementptr inbounds %struct.address_space.133508, 
%struct.address_space.133508* %7, i64 0, i32 0 %9 = load %struct.inode.133641*, %struct.inode.133641** %8, align 8 %10 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.133641, %struct.inode.133641* %9, i64 -1, i32 40 %14 = bitcast %struct.address_space.133508* %13 to %struct.block_device.133500* %15 = tail call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.133500*)*)(%struct.block_device.133500* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %59 %18 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %59, label %21 %22 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp sgt i64 %11, %23 br i1 %24, label %25, label %59 %26 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 4 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 132 %29 = icmp eq i32 %28, 128 br i1 %29, label %59, label %30 %31 = sub i64 %11, %23 %32 = icmp ugt i64 %19, %31 br i1 %32, label %33, label %35 %34 = sub i64 %19, %31 store i64 %31, i64* %18, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ 0, %30 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %37 = call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, 
%struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, 
-4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, 
i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 
(%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 
%125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds 
%struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 br label %187 %188 = phi i32 [ %184, %183 ], [ %186, %185 ] %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %233 %191 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %192 = shl i32 %124, 1 %193 = and i32 %192, 4 %194 = select i1 %137, i32 %193, i32 4 %195 = or i32 %194, 2 %196 = lshr i32 %124, 2 %197 = and i32 %196, 2 %198 = or i32 %194, %197 %199 = and i32 %124, 48 %200 = icmp eq i32 %199, 48 br i1 %200, label %201, label %203 %204 = and i32 %124, 16 %205 = icmp eq i32 %204, 0 br i1 %205, label %208, label %206 %209 = and i32 %124, 32 %210 = icmp eq i32 %209, 0 %211 = select i1 %210, i32 %198, i32 %195 br label %212 %213 = phi i32 [ %202, %201 ], [ %207, %206 ], [ %211, %208 ] %214 = shl i32 %124, 2 %215 = and i32 %214, 4 %216 = or i32 %213, %215 %217 = icmp eq i32 %216, 0 br i1 %217, label %233, label %218 %219 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %191, i64 0, i32 0 %220 = load i16, i16* %219, align 8 %221 = and i16 %220, -4096 %222 = icmp eq i16 %221, 16384 %223 = or i32 %216, 1073741824 %224 = select i1 %222, i32 %223, i32 %216 %225 = icmp eq %struct.dentry.126744* %0, null br i1 %225, label %226, label %228 %227 = load %struct.dentry.126744*, %struct.dentry.126744** inttoptr (i64 8 to %struct.dentry.126744**), align 8 br label %228 %229 = phi %struct.dentry.126744* [ %0, %218 ], [ %227, 
%226 ] %230 = tail call i32 bitcast (i32 (%struct.path.134687*, %struct.dentry.134949*, i32)* @__fsnotify_parent to i32 (%struct.path.126591*, %struct.dentry.126744*, i32)*)(%struct.path.126591* null, %struct.dentry.126744* %229, i32 %224) #69 ------------- Good: 140 Bad: 18 Ignored: 135 Check Use of Function:_dev_alert Check Use of Function:vfs_create Check Use of Function:disk_part_iter_exit Check Use of Function:hugetlbfs_create Check Use of Function:vfat_unlink Check Use of Function:dev_change_carrier Check Use of Function:security_sem_semctl Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %37 = icmp eq i32 %22, 0 br i1 %37, label %109, 
label %38 %40 = inttoptr i64 %15 to i32* %41 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %40, i64 4, i64 %39) #6, !srcloc !4 %42 = extractvalue { i32*, i64, i64 } %41, 0 %43 = extractvalue { i32*, i64, i64 } %41, 2 %44 = ptrtoint i32* %42 to i64 %45 = and i64 %44, 4294967295 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %109, !prof !5, !misexpect !6 %48 = extractvalue { i32*, i64, i64 } %41, 1 %49 = trunc i64 %48 to i32 %50 = tail call i64 @compat_ksys_semctl(i32 %19, i32 %20, i32 %21, i32 %49) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %17, i32 %0, i32 %12, %struct.semid64_ds* nonnull %7) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to 
i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %25, i64 0, i32 96 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 32 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %17, i32 %0, i32 %12, %struct.semid64_ds* nonnull %7) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* 
@ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %25, i64 0, i32 96 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 32 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 ksys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %3 to i32 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = tail call i64 @ksys_semctl(i32 %11, i32 %12, i32 %13, i64 %10) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to 
i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %19 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %2, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.46154**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %25, i64 0, i32 96 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 32 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 ksys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = tail call i64 @ksys_semctl(i32 %10, i32 %11, i32 %12, i64 %9) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds 
%struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %19 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %2, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %25, i64 0, i32 96 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 32 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 
@security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 compat_ksys_semctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %37 = icmp eq i32 %22, 0 br i1 %37, label %109, label %38 %40 = inttoptr i64 %15 to i32* %41 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %40, i64 4, i64 %39) #6, !srcloc !4 %42 = extractvalue { i32*, i64, i64 } %41, 0 %43 = extractvalue { i32*, i64, i64 } %41, 2 %44 = ptrtoint i32* %42 to i64 %45 = and i64 %44, 4294967295 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %109, !prof !5, !misexpect !6 %48 = extractvalue { 
i32*, i64, i64 } %41, 1 %49 = trunc i64 %48 to i32 %50 = tail call i64 @compat_ksys_semctl(i32 %19, i32 %20, i32 %21, i32 %49) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %21 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace* %17, i32 %12, i8* %9) #69 Function:semctl_info %4 = alloca %struct.real_mode_header, align 4 %5 = bitcast %struct.real_mode_header* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, 
i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %21 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace* %17, i32 %12, i8* %9) #69 Function:semctl_info %4 = alloca %struct.real_mode_header, align 4 %5 = bitcast %struct.real_mode_header* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 ksys_semctl 2 
__ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %3 to i32 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = tail call i64 @ksys_semctl(i32 %11, i32 %12, i32 %13, i64 %10) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %16 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace* %14, i32 %2, i8* %6) #69 Function:semctl_info %4 = alloca %struct.real_mode_header, align 4 %5 = bitcast %struct.real_mode_header* %4 to i8* %6 = tail call i32 
@security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 ksys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = tail call i64 @ksys_semctl(i32 %10, i32 %11, i32 %12, i64 %9) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %16 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace* %14, i32 %2, i8* %6) #69 Function:semctl_info %4 = alloca %struct.real_mode_header, align 4 %5 = 
bitcast %struct.real_mode_header* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Good: 3 Bad: 8 Ignored: 0 Check Use of Function:mq_walk Check Use of Function:tid_fd_revalidate Check Use of Function:rtnl_register Check Use of Function:ext4_xattr_trusted_get Check Use of Function:swap_type_of Check Use of Function:__get_locked_pte Check Use of Function:__ext4_journal_stop Check Use of Function:ext4_xattr_user_get Check Use of Function:drm_addmap_core Check Use of Function:destroy_local_trace_kprobe Check Use of Function:fib6_add Check Use of Function:enable_swap_slots_cache Check Use of Function:tty_name Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = 
getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %122 = tail call i32 @__tty_check_change(%struct.tty_struct.316116* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %3, i64 0, i32 86 %5 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %5, i64 0, i32 25 %7 
= load %struct.tty_struct.316116*, %struct.tty_struct.316116** %6, align 8 %8 = icmp eq %struct.tty_struct.316116* %7, %0 br i1 %8, label %9, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %4, align 64 %11 = getelementptr %struct.signal_struct.316122, %struct.signal_struct.316122* %10, i64 0, i32 22, i64 2 %12 = load %struct.pid.39326*, %struct.pid.39326** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %0, i64 0, i32 19 %16 = load %struct.pid.39326*, %struct.pid.39326** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.39326* %16, null br i1 %17, label %47, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_driver_name to i8* (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %0) #69 %49 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_name to i8* (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, 
i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, 
label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %122 = tail call i32 @__tty_check_change(%struct.tty_struct.316116* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %3, i64 0, i32 86 %5 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %5, i64 0, i32 25 %7 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %6, align 8 %8 = icmp eq %struct.tty_struct.316116* %7, %0 br i1 %8, label %9, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %4, align 64 %11 = getelementptr %struct.signal_struct.316122, %struct.signal_struct.316122* %10, i64 0, i32 22, i64 2 %12 = load %struct.pid.39326*, %struct.pid.39326** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %0, i64 0, i32 19 %16 = load %struct.pid.39326*, %struct.pid.39326** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.39326* %16, null br i1 %17, label %47, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_driver_name to i8* (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %0) 
#69 %49 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_name to i8* (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct.320005, %struct.tty_struct.320005* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct.320005, %struct.tty_struct.320005* %0, i64 0, i32 44 %26 = load %struct.tty_port.319998*, %struct.tty_port.319998** %25, align 8 tail call void bitcast (void (%struct.tty_port.315001*, %struct.tty_struct.314998*, %struct.file.314944*)* @tty_port_close to void (%struct.tty_port.319998*, %struct.tty_struct.320005*, %struct.file.319947*)*)(%struct.tty_port.319998* %26, %struct.tty_struct.320005* %0, %struct.file.319947* %1) #69 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.315001* %0, %struct.tty_struct.314998* %1, %struct.file.314944* %2) #69 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file.230059*)* @tty_hung_up_p to i32 (%struct.file.314944*)*)(%struct.file.314944* %2) #69 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %73 %7 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = getelementptr inbounds %struct.tty_struct.314998, %struct.tty_struct.314998* %1, i64 0, i32 22 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %15 = icmp eq i32 %13, 1 br i1 %15, label %21, label %16 %17 = tail call i8* bitcast 
(i8* (%struct.tty_struct.230612*)* @tty_driver_name to i8* (%struct.tty_struct.314998*)*)(%struct.tty_struct.314998* %1) #69 %18 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_name to i8* (%struct.tty_struct.314998*)*)(%struct.tty_struct.314998* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct.320005, %struct.tty_struct.320005* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct.320005, %struct.tty_struct.320005* %0, i64 0, i32 44 %26 = load %struct.tty_port.319998*, %struct.tty_port.319998** %25, align 8 tail call void bitcast (void (%struct.tty_port.315001*, %struct.tty_struct.314998*, %struct.file.314944*)* @tty_port_close to void (%struct.tty_port.319998*, %struct.tty_struct.320005*, %struct.file.319947*)*)(%struct.tty_port.319998* %26, %struct.tty_struct.320005* %0, %struct.file.319947* %1) #69 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.315001* %0, %struct.tty_struct.314998* %1, %struct.file.314944* %2) #69 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file.230059*)* @tty_hung_up_p to i32 (%struct.file.314944*)*)(%struct.file.314944* %2) #69 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %73 %7 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = getelementptr inbounds %struct.tty_struct.314998, %struct.tty_struct.314998* %1, i64 0, i32 22 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 7 %13 = load i32, i32* %12, 
align 8 br i1 %11, label %14, label %23 %24 = add i32 %13, -1 %25 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 7 store i32 %24, i32* %25, align 8 %26 = icmp slt i32 %24, 0 br i1 %26, label %27, label %32 %28 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_driver_name to i8* (%struct.tty_struct.314998*)*)(%struct.tty_struct.314998* %1) #69 %29 = tail call i8* bitcast (i8* (%struct.tty_struct.230612*)* @tty_name to i8* (%struct.tty_struct.314998*)*)(%struct.tty_struct.314998* %1) #69 ------------- Good: 11 Bad: 4 Ignored: 52 Check Use of Function:uts_proc_notify Check Use of Function:ip6_route_info_create Check Use of Function:blk_rq_map_kern Check Use of Function:__break_lease Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 generic_file_write_iter ------------- Path:  Function:generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 24 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %9) #69 %10 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 19 %12 = load %struct.address_space.100583*, %struct.address_space.100583** %11, align 8 %13 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %12, i64 
0, i32 0 %14 = load %struct.inode.100633*, %struct.inode.100633** %13, align 8 %15 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %15, i64 0, i32 86 %17 = load %struct.signal_struct.100439*, %struct.signal_struct.100439** %16, align 64 %18 = getelementptr %struct.signal_struct.100439, %struct.signal_struct.100439* %17, i64 0, i32 50, i64 1, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %81, label %23 %24 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %31 %32 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 store i64 %33, i64* %34, align 8 br label %35 %36 = phi i64 [ %30, %28 ], [ %33, %31 ] %37 = and i32 %25, 132 %38 = icmp eq i32 %37, 128 br i1 %38, label %81, label %39 %40 = icmp eq i64 %19, -1 br i1 %40, label %41, label %43 %44 = icmp ugt i64 %19, %36 br i1 %44, label %47, label %45 %48 = sub i64 %19, %36 %49 = load i64, i64* %20, align 8 %50 = icmp ugt i64 %49, %48 br i1 %50, label %51, label %52 store i64 %48, i64* %20, align 8 br label %52 %53 = phi i64 [ %42, %41 ], [ %48, %51 ], [ %49, %47 ] %54 = add i64 %53, %36 %55 = icmp ugt i64 %54, 2147483647 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 7 %58 = load i32, i32* %57, align 8 %59 = trunc i32 %58 
to i16 %60 = icmp slt i16 %59, 0 br i1 %60, label %67, label %61, !prof !5, !misexpect !6 %62 = icmp ugt i64 %36, 2147483646 br i1 %62, label %81, label %63 %64 = sub nuw nsw i64 2147483647, %36 %65 = icmp ugt i64 %53, %64 br i1 %65, label %66, label %67 store i64 %64, i64* %20, align 8 br label %67 %68 = phi i64 [ %64, %66 ], [ %53, %63 ], [ %53, %52 ], [ %53, %56 ] %69 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 8 %70 = load %struct.super_block.100615*, %struct.super_block.100615** %69, align 8 %71 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = icmp sgt i64 %72, %36 br i1 %73, label %74, label %81, !prof !5, !misexpect !6 %75 = sub i64 %72, %36 %76 = icmp ugt i64 %68, %75 br i1 %76, label %77, label %78 %79 = phi i64 [ %68, %74 ], [ %75, %77 ] %80 = icmp sgt i64 %79, 0 br i1 %80, label %83, label %81 %84 = tail call i64 @__generic_file_write_iter(%struct.kiocb.100573* %0, %struct.iov_iter* %1) #70 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc 
!4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 
%43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection 
__bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* 
@current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br 
i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %160 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %157, i64 0, i32 3 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %160, i64 0, i32 0 %162 = load %struct.list_head*, %struct.list_head** %161, align 8 %163 = icmp eq %struct.list_head* %162, %160 br i1 %163, label %164, label %168 %165 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %157, i64 0, i32 3, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %160 br i1 %167, label %176, label %168 %169 = tail call i32 bitcast (i32 (%struct.inode.139942*, i32, i32)* @__break_lease to i32 (%struct.inode.126756*, i32, i32)*)(%struct.inode.126756* %5, i32 2049, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 
3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %5 = load %struct.file.133631*, %struct.file.133631** %4, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %5, i64 0, i32 19 %7 = load %struct.address_space.133508*, %struct.address_space.133508** %6, align 8 %8 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %7, i64 0, i32 0 %9 = load %struct.inode.133641*, %struct.inode.133641** %8, align 8 %10 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.133641, %struct.inode.133641* %9, i64 -1, i32 40 %14 = bitcast %struct.address_space.133508* %13 to %struct.block_device.133500* %15 = tail call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.133500*)*)(%struct.block_device.133500* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %59 %18 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %59, label %21 %22 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp sgt i64 %11, %23 br i1 %24, label %25, label %59 %26 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 4 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 132 %29 = icmp eq i32 %28, 128 br i1 %29, label %59, label %30 %31 = sub i64 %11, %23 %32 = icmp ugt i64 %19, %31 br i1 %32, label %33, label %35 %34 = sub i64 %19, %31 store i64 %31, i64* %18, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ 0, %30 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %37 = call i64 bitcast (i64 
(%struct.kiocb.100573*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = 
getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = 
getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and 
i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 
br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = 
getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %160 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %157, i64 0, i32 3 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %160, i64 0, i32 0 %162 = load %struct.list_head*, %struct.list_head** %161, align 8 %163 = icmp eq %struct.list_head* %162, %160 br i1 %163, label %164, label %168 %165 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %157, i64 0, i32 3, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %160 br i1 %167, label %176, label %168 %169 = tail call i32 bitcast (i32 (%struct.inode.139942*, i32, i32)* @__break_lease to i32 (%struct.inode.126756*, i32, i32)*)(%struct.inode.126756* %5, i32 2049, i32 4) #69 ------------- Good: 27 Bad: 2 Ignored: 26 Check Use of Function:__vfs_setxattr_noperm Check Use of Function:blkdev_read_iter Check Use of Function:hibernate Use: =BAD PATH= Call Stack: 0 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #69 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.6559, i64 0, i64 0), i64 4) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #69 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:dev_ingress_queue_create Check Use of Function:ipcperms Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 compat_ksys_shmctl 2 __ia32_compat_sys_ipc ------------- 
Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %107 = inttoptr i64 %15 to i8* %108 = tail call i64 @compat_ksys_shmctl(i32 %19, i32 %20, i8* %107) #69 Function:compat_ksys_shmctl %4 = alloca %struct.compat_shmid64_ds, align 4 %5 = alloca %struct.compat_shmid_ds, align 4 %6 = alloca %struct.mmap_arg_struct32, align 4 %7 = alloca %struct.ethtool_ringparam, align 4 %8 = alloca %struct.gnet_stats_queue, align 4 %9 = alloca %struct.shmid64_ds, align 8 %10 = alloca %struct.shm_info, align 8 %11 = bitcast %struct.shmid64_ds* %9 to i8* %12 = and i32 %1, 256 %13 = and i32 %1, -257 %14 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %14, i64 0, i32 85 %16 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %17, align 8 %19 = or i32 %1, %0 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %225 switch i32 %13, label %225 [ i32 3, label %22 i32 14, label %82 i32 2, label %118 i32 15, label %118 i32 13, label %118 i32 1, label %207 i32 0, label %219 i32 11, label %222 i32 12, label %222 ] %119 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.224021* %18, i32 %0, i32 %13, %struct.shmid64_ds* nonnull %9) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 compat_ksys_shmctl 2 __ia32_compat_sys_shmctl 
------------- Path:  Function:__ia32_compat_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call i64 @compat_ksys_shmctl(i32 %9, i32 %10, i8* %11) #69 Function:compat_ksys_shmctl %4 = alloca %struct.compat_shmid64_ds, align 4 %5 = alloca %struct.compat_shmid_ds, align 4 %6 = alloca %struct.mmap_arg_struct32, align 4 %7 = alloca %struct.ethtool_ringparam, align 4 %8 = alloca %struct.gnet_stats_queue, align 4 %9 = alloca %struct.shmid64_ds, align 8 %10 = alloca %struct.shm_info, align 8 %11 = bitcast %struct.shmid64_ds* %9 to i8* %12 = and i32 %1, 256 %13 = and i32 %1, -257 %14 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %14, i64 0, i32 85 %16 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %17, align 8 %19 = or i32 %1, %0 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %225 switch i32 %13, label %225 [ i32 3, label %22 i32 14, label %82 i32 2, label %118 i32 15, label %118 i32 13, label %118 i32 1, label %207 i32 0, label %219 i32 11, label %222 i32 12, label %222 ] %119 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.224021* %18, i32 %0, i32 %13, %struct.shmid64_ds* nonnull %9) #70 
Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 ksys_shmctl 2 __ia32_sys_shmctl ------------- Path:  Function:__ia32_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.shmid_ds* %12 = tail call i64 @ksys_shmctl(i32 %9, i32 %10, %struct.shmid_ds* %11) #69 Function:ksys_shmctl %4 = alloca %struct.shmid64_ds, align 8 %5 = alloca %struct.mem_dqblk, align 8 %6 = alloca %struct.shm_info, align 8 %7 = bitcast %struct.shmid64_ds* %4 to i8* %8 = or i32 %1, %0 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %89 %11 = tail call 
%struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %11, i64 0, i32 85 %13 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %14, align 8 switch i32 %1, label %89 [ i32 3, label %16 i32 14, label %56 i32 13, label %68 i32 15, label %68 i32 2, label %68 i32 1, label %79 i32 0, label %83 i32 11, label %86 i32 12, label %86 ] %69 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.224021* %15, i32 %0, i32 %1, %struct.shmid64_ds* nonnull %4) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 
ksys_shmctl 2 __x64_sys_shmctl ------------- Path:  Function:__x64_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to %struct.shmid_ds** %8 = load %struct.shmid_ds*, %struct.shmid_ds** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @ksys_shmctl(i32 %9, i32 %10, %struct.shmid_ds* %8) #69 Function:ksys_shmctl %4 = alloca %struct.shmid64_ds, align 8 %5 = alloca %struct.mem_dqblk, align 8 %6 = alloca %struct.shm_info, align 8 %7 = bitcast %struct.shmid64_ds* %4 to i8* %8 = or i32 %1, %0 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %89 %11 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %11, i64 0, i32 85 %13 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %14, align 8 switch i32 %1, label %89 [ i32 3, label %16 i32 14, label %56 i32 13, label %68 i32 15, label %68 i32 2, label %68 i32 1, label %79 i32 0, label %83 i32 11, label %86 i32 12, label %86 ] %69 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.224021* %15, i32 %0, i32 %1, %struct.shmid64_ds* nonnull %4) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 
13 %9 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, 
label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %82 = bitcast i64* %3 to i8* %83 = icmp eq i32 %24, 1 br i1 %83, label %98, label %84 %85 = inttoptr i64 %15 to i8* %86 = call i64 @do_shmat(i32 %19, i8* %85, i32 %20, i64* nonnull %3, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %198, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %45, i64 0, i32 85 %47 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %49, i64 0, i32 1, i64 2 %51 = tail 
call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __ia32_compat_sys_shmat ------------- Path:  Function:__ia32_compat_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast i64* %2 to i8* %13 = inttoptr i64 %7 to i8* %14 = call i64 @do_shmat(i32 %10, i8* %13, i32 %11, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %198, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 
292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %45, i64 0, i32 85 %47 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __ia32_sys_shmat ------------- Path:  Function:__ia32_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* 
%5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = inttoptr i64 %7 to i8* %12 = trunc i64 %9 to i32 %13 = bitcast i64* %2 to i8* %14 = call i64 @do_shmat(i32 %10, i8* %11, i32 %12, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %198, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %45, i64 0, i32 85 %47 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* 
(%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __x64_sys_shmat ------------- Path:  Function:__x64_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast i64* %2 to i8* %13 = call i64 @do_shmat(i32 %10, i8* %7, i32 %11, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %198, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, 
-1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %45, i64 0, i32 85 %47 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* bitcast (%struct.kern_ipc_perm* (%struct.ipc_ids*, i32)* @ipc_obtain_object_check to %struct.kern_ipc_perm* (%struct.ipc_ids.224019*, i32)*)(%struct.ipc_ids.224019* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.224021*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.224021* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = 
load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 
%42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq 
%struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, 
%struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr 
inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, 
%struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, 
i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof 
!6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_compat_sys_semtimedop ------------- Path:  Function:__ia32_compat_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to 
i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* 
%40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq 
%struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, 
%struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr 
inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %30 = and i64 %17, 4294967295 %31 = inttoptr i64 %15 to %struct.orc_entry* %32 = inttoptr i64 %30 to %struct.util_est* %33 = tail call i64 @compat_ksys_semtimedop(i32 
%19, %struct.orc_entry* %31, i32 %20, %struct.util_est* %32) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.48, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.48* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds 
%struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load 
%struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr 
i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to 
%struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = 
getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, 
align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, !misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, 
%128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = 
bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.48* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %771, label %19 %20 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %771, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %27, label %31 %32 = phi %struct.orc_entry* [ %29, %27 ], [ %9, %23 ] %33 = bitcast %struct.orc_entry* %32 to i8* %34 = bitcast %struct.orc_entry* %1 
to i8* %35 = call i64 @_copy_from_user(i8* %33, i8* %34, i64 %26) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %765 %38 = icmp ne %struct.anon.48* %3, null br i1 %38, label %39, label %49 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %765, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ugt i64 %45, 999999999 br i1 %46, label %765, label %47 %48 = call i64 @timespec64_to_jiffies(%struct.anon.48* nonnull %3) #69 br label %49 %50 = phi i64 [ %48, %47 ], [ 0, %37 ] %51 = getelementptr %struct.orc_entry, %struct.orc_entry* %32, i64 %25 %52 = icmp ult %struct.orc_entry* %32, %51 br i1 %52, label %53, label %373 %54 = phi %struct.orc_entry* [ %82, %53 ], [ %32, %49 ] %55 = phi i32 [ %67, %53 ], [ 0, %49 ] %56 = phi i8 [ %72, %53 ], [ 0, %49 ] %57 = phi i8 [ %81, %53 ], [ 0, %49 ] %58 = phi i8 [ %75, %53 ], [ 0, %49 ] %59 = phi i64 [ %80, %53 ], [ 0, %49 ] %60 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 0 %61 = load i16, i16* %60, align 2 %62 = zext i16 %61 to i32 %63 = and i32 %62, 63 %64 = zext i32 %63 to i64 %65 = shl nuw i64 1, %64 %66 = icmp ugt i32 %55, %62 %67 = select i1 %66, i32 %55, i32 %62 %68 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 2 %69 = load i16, i16* %68, align 2 %70 = and i16 %69, 4096 %71 = icmp eq i16 %70, 0 %72 = select i1 %71, i8 %56, i8 1 %73 = and i64 %65, %59 %74 = icmp eq i64 %73, 0 %75 = select i1 %74, i8 %58, i8 1 %76 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %54, i64 0, i32 1 %77 = load i16, i16* %76, align 2 %78 = icmp eq i16 %77, 0 %79 = select i1 %78, i64 0, i64 %65 %80 = or i64 %79, %59 %81 = select i1 %78, i8 %57, i8 1 %82 = getelementptr %struct.orc_entry, %struct.orc_entry* %54, i64 1 %83 = icmp ult %struct.orc_entry* %82, %51 br i1 %83, 
label %53, label %84 %85 = and i8 %72, 1 %86 = icmp eq i8 %85, 0 br i1 %86, label %373, label %87 %88 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 81, i32 0 %89 = load %struct.sem_undo_list*, %struct.sem_undo_list** %88, align 16 %90 = icmp eq %struct.sem_undo_list* %89, null br i1 %90, label %91, label %106 %92 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 5), align 8 %93 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %92, i32 6324416, i64 24) #69 %94 = icmp eq i8* %93, null br i1 %94, label %369, label %95 %96 = bitcast i8* %93 to %struct.sem_undo_list* %97 = getelementptr inbounds i8, i8* %93, i64 4 %98 = bitcast i8* %97 to i32* store i32 0, i32* %98, align 4 %99 = bitcast i8* %93 to i32* store volatile i32 1, i32* %99, align 8 %100 = getelementptr inbounds i8, i8* %93, i64 8 %101 = ptrtoint i8* %100 to i64 %102 = bitcast i8* %100 to i64* store volatile i64 %101, i64* %102, align 8 %103 = getelementptr inbounds i8, i8* %93, i64 16 %104 = bitcast i8* %103 to i8** store i8* %100, i8** %104, align 8 %105 = bitcast %struct.sem_undo_list** %88 to i8** store i8* %93, i8** %105, align 16 br label %106 %107 = phi %struct.sem_undo_list* [ %89, %87 ], [ %96, %95 ] %108 = ptrtoint %struct.sem_undo_list* %107 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1 %110 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %109, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %110) #69 %111 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %112 = load volatile i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %115, !prof !6, 
!misexpect !7 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %107, i64 0, i32 2 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.sem_undo* %120 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %119, i64 0, i32 0 %121 = icmp eq %struct.list_head* %120, %116 br i1 %121, label %149, label %122 %123 = phi %struct.sem_undo* [ %131, %128 ], [ %119, %115 ] %124 = phi i64 [ %130, %128 ], [ %118, %115 ] %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %123, i64 0, i32 4 %126 = load i32, i32* %125, align 8 %127 = icmp eq i32 %126, %0 br i1 %127, label %134, label %128 %129 = inttoptr i64 %124 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.sem_undo* %132 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %131, i64 0, i32 0 %133 = icmp eq %struct.list_head* %132, %116 br i1 %133, label %149, label %122 %150 = phi %struct.sem_undo* [ null, %134 ], [ %123, %136 ], [ null, %115 ], [ null, %128 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %151 = bitcast %struct.spinlock* %109 to i8* store volatile i8 0, i8* %151, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %152 = icmp eq %struct.sem_undo* %150, null br i1 %152, label %153, label %366, !prof !6, !misexpect !13 %367 = phi %struct.sem_undo* [ %160, %159 ], [ %150, %149 ], [ %317, %365 ] %368 = icmp ugt %struct.sem_undo* %367, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %368, label %369, label %377 %378 = phi i32 [ %67, %366 ], [ %374, %373 ] %379 = phi i8 [ %81, %366 ], [ %375, %373 ] %380 = phi i8 [ %75, %366 ], [ %376, %373 ] %381 = phi %struct.sem_undo* [ %367, %366 ], [ null, %373 ] %382 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 1, i64 0 %383 = call %struct.kern_ipc_perm* 
@ipc_obtain_object_check(%struct.ipc_ids* %382, i32 %0) #69 %384 = bitcast %struct.kern_ipc_perm* %383 to %struct.sem_array* %385 = bitcast %struct.kern_ipc_perm* %383 to i8* %386 = icmp ugt %struct.kern_ipc_perm* %383, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %386, label %387, label %390 %391 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %383, i64 1, i32 11 %392 = bitcast %struct.rhash_head* %391 to i32* %393 = load i32, i32* %392, align 8 %394 = icmp slt i32 %378, %393 br i1 %394, label %396, label %395 %397 = and i8 %379, 1 %398 = icmp eq i8 %397, 0 %399 = select i1 %398, i16 292, i16 146 %400 = call i32 @ipcperms(%struct.ipc_namespace* %15, %struct.kern_ipc_perm* %383, i16 signext %399) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label 
%36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %37 = icmp eq i32 %22, 0 br i1 %37, label %109, label %38 %40 = inttoptr i64 %15 to i32* %41 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %40, i64 4, i64 %39) #6, !srcloc !4 %42 = extractvalue { i32*, i64, i64 } %41, 0 %43 = extractvalue { i32*, i64, i64 } %41, 2 %44 = ptrtoint i32* %42 to i64 %45 = and i64 %44, 4294967295 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %109, !prof !5, !misexpect !6 %48 = extractvalue { i32*, i64, i64 } %41, 1 %49 = trunc i64 %48 to i32 %50 = tail call i64 @compat_ksys_semctl(i32 %19, i32 %20, i32 %21, i32 %49) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, 
label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %17, i32 %0, i32 %12, %struct.semid64_ds* nonnull %7) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* 
%7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %17, i32 %0, i32 %12, %struct.semid64_ds* nonnull %7) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 ksys_semctl 2 __ia32_sys_semctl 
------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %3 to i32 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = tail call i64 @ksys_semctl(i32 %11, i32 %12, i32 %13, i64 %10) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %19 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %2, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq 
i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 ksys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = tail call i64 @ksys_semctl(i32 %10, i32 %11, i32 %12, i64 %9) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = 
getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %19 = call fastcc i32 @semctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %2, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 compat_ksys_semctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %37 = icmp eq i32 %22, 0 br i1 %37, label %109, label %38 %40 = inttoptr i64 %15 to i32* %41 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %40, i64 4, i64 %39) #6, !srcloc !4 %42 = extractvalue { i32*, i64, i64 } %41, 0 %43 = extractvalue { i32*, i64, i64 } %41, 2 %44 = ptrtoint i32* %42 to i64 %45 = and i64 %44, 4294967295 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %109, !prof !5, !misexpect !6 %48 = extractvalue { i32*, i64, i64 } %41, 1 %49 = trunc i64 %48 to i32 %50 = tail call i64 @compat_ksys_semctl(i32 %19, i32 %20, i32 %21, i32 %49) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr 
inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %77 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace* %17, i32 %0, i32 %1, i32 %12, i8* %9) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 
to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 
2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %77 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace* %17, i32 %0, i32 %1, i32 %12, i8* %9) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 ksys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* 
%2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %3 to i32 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = tail call i64 @ksys_semctl(i32 %11, i32 %12, i32 %13, i64 %10) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %29 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace* %14, i32 %0, i32 %1, i32 %2, i8* %6) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, 
i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 ksys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = tail call i64 @ksys_semctl(i32 %10, i32 %11, i32 %12, i64 %9) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp 
slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %29 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace* %14, i32 %0, i32 %1, i32 %2, i8* %6) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = 
icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 compat_ksys_semctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %37 = icmp eq i32 %22, 0 br i1 %37, label %109, label %38 %40 = inttoptr i64 %15 to i32* %41 = tail call { i32*, i64, i64 } asm 
sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %40, i64 4, i64 %39) #6, !srcloc !4 %42 = extractvalue { i32*, i64, i64 } %41, 0 %43 = extractvalue { i32*, i64, i64 } %41, 2 %44 = ptrtoint i32* %42 to i64 %45 = and i64 %44, 4294967295 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %109, !prof !5, !misexpect !6 %48 = extractvalue { i32*, i64, i64 } %41, 1 %49 = trunc i64 %48 to i32 %50 = tail call i64 @compat_ksys_semctl(i32 %19, i32 %20, i32 %21, i32 %49) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %80 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace* %17, i32 %0, i32 %1, i32 %3) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, 
%struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %201, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call i64 
@compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13) #69 Function:compat_ksys_semctl %5 = alloca %struct.compat_semid64_ds, align 4 %6 = alloca %struct.compat_semid_ds, align 4 %7 = alloca %struct.semid64_ds, align 8 %8 = zext i32 %3 to i64 %9 = inttoptr i64 %8 to i8* %10 = bitcast %struct.semid64_ds* %7 to i8* %11 = and i32 %2, 256 %12 = and i32 %2, -257 %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %0, 0 br i1 %18, label %97, label %19 switch i32 %12, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %80 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace* %17, i32 %0, i32 %1, i32 %3) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %201, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds 
%struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 ksys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %3 to i32 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = tail call i64 @ksys_semctl(i32 %11, i32 %12, i32 %13, i64 %10) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr 
inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %32 = trunc i64 %3 to i32 %33 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace* %14, i32 %0, i32 %1, i32 %32) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %201, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, 
%2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 ksys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = tail call i64 @ksys_semctl(i32 %10, i32 %11, i32 %12, i64 %9) #69 Function:ksys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = inttoptr i64 %3 to i8* %7 = bitcast %struct.semid64_ds* %5 to i8* %8 = icmp slt i32 %0, 0 br i1 %8, label %41, label %9 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %2, label %41 [ i32 3, label %15 i32 19, label %15 i32 2, label %18 i32 18, label %18 i32 20, label %18 i32 13, label %28 i32 12, label %28 i32 11, label %28 i32 14, label %28 i32 15, label %28 i32 17, label %28 i32 16, label %31 i32 1, label %35 i32 0, label %38 ] %32 = trunc i64 %3 to i32 %33 = tail call fastcc i32 
@semctl_setval(%struct.ipc_namespace* %14, i32 %0, i32 %1, i32 %32) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %201, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __ia32_compat_sys_msgrcv ------------- Path:  Function:__ia32_compat_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %12 to i32 %15 = inttoptr i64 %6 to i8* %16 = shl i64 %8, 32 %17 = ashr exact i64 %16, 32 %18 = shl i64 %10, 32 %19 = ashr exact i64 %18, 32 %20 = tail call fastcc i64 @do_msgrcv(i32 %13, i8* %15, i64 %17, i64 %19, i32 %14, i64 (i8*, %struct.msg_msg*, i64)* nonnull @compat_do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %12, i64 0, i32 85 %14 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %261, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 compat_ksys_msgrcv 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %54 = inttoptr i64 %15 to i8* %55 = or i64 %9, %7 %56 = trunc i64 %55 to i32 %57 
= icmp sgt i32 %56, -1 br i1 %57, label %58, label %109 %59 = icmp eq i32 %24, 0 br i1 %59, label %60, label %74 %75 = tail call i64 @compat_ksys_msgrcv(i32 %19, i32 %22, i32 %20, i32 %23, i32 %21) #69 Function:compat_ksys_msgrcv %6 = zext i32 %1 to i64 %7 = inttoptr i64 %6 to i8* %8 = sext i32 %2 to i64 %9 = sext i32 %3 to i64 %10 = tail call fastcc i64 @do_msgrcv(i32 %0, i8* %7, i64 %8, i64 %9, i32 %4, i64 (i8*, %struct.msg_msg*, i64)* nonnull @compat_do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %12, i64 0, i32 85 %14 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %261, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr 
%struct.ipc_namespace, %struct.ipc_namespace* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __ia32_sys_msgrcv ------------- Path:  Function:__ia32_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = trunc i64 %14 to i32 %17 = inttoptr i64 %6 to i8* %18 = tail call fastcc i64 @do_msgrcv(i32 %15, i8* %17, i64 %9, i64 %12, i32 %16, i64 (i8*, %struct.msg_msg*, i64)* nonnull @do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %12, i64 0, i32 85 %14 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %261, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __x64_sys_msgrcv ------------- Path:  Function:__x64_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %12 to i32 %15 = tail call fastcc i64 @do_msgrcv(i32 %13, i8* %6, i64 %8, i64 %10, i32 %14, i64 (i8*, %struct.msg_msg*, i64)* nonnull @do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %12, i64 0, i32 85 %14 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %261, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt 
%struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %79 = inttoptr i64 %15 to i8* %80 = tail call i64 @compat_ksys_msgctl(i32 %19, i32 %20, i8* %79) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 
to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %31 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %15, i32 %0, i32 %10, %struct.msqid64_ds* nonnull %6) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %31 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %15, i32 %0, i32 %10, %struct.msqid64_ds* nonnull %6) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* 
@ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 ksys_msgctl 2 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.msqid_ds* %12 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %11) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %28 = 
call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 ksys_msgctl 2 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to %struct.msqid_ds** %8 = load %struct.msqid_ds*, %struct.msqid_ds** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %8) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = 
getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %28 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call 
%struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void 
(%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = 
getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %13, i64 0, i32 85 %15 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, 
align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 
%58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 ksys_semget 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, 
i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %35 = tail call i64 @ksys_semget(i32 %19, i32 %20, i32 %21) #69 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %6, i64 0, i32 85 %8 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace*, %struct.ipc_namespace** %9, align 8 %11 = icmp slt i32 %1, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 2, i64 0 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, %1 br i1 %15, label %24, label %16 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %20 = bitcast %struct.anon.1* %19 to i32* store i32 %1, i32* %20, align 
8 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 1, i64 0 %22 = call i32 @ipcget(%struct.ipc_namespace* %10, %struct.ipc_ids* %21, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br 
i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* 
%0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 
0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ 
%41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 
%24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to 
%struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %13, i64 0, i32 85 %15 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.224021*, 
%struct.ipc_namespace.224021** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %17, i64 0, i32 1, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %17, %struct.ipc_ids.224019* %21, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 
%25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 
%16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 %88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcget 1 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 to i8* %12 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %12, i64 0, i32 85 %14 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %17, 
align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %6, i64* %19, align 8 %20 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %16, i64 0, i32 1, i64 2 %21 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %16, %struct.ipc_ids.224019* %20, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 Function:ipcget %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 2 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.45766*)*)(%struct.rw_semaphore.45766* %17) #69 %18 = load i32, i32* %6, align 8 %19 = bitcast i32* %5 to i8* store i32 %18, i32* %5, align 4 %20 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = bitcast %struct.rhashtable* %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 3 %24 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 2 %25 = getelementptr inbounds %struct.ipc_ids, %struct.ipc_ids* %1, i64 0, i32 5, i32 3, i32 1 br label %26 %27 = phi i64 [ %22, %14 ], [ %67, %64 ] %28 = 
inttoptr i64 %27 to %struct.bucket_table* %29 = call fastcc i32 @rht_key_hashfn(%struct.rhashtable* %20, %struct.bucket_table* %28, i8* nonnull %19, %struct.rhashtable_params* nonnull byval(%struct.rhashtable_params) align 8 @ipc_kht_params) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = getelementptr inbounds %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 1 %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33, !prof !6, !misexpect !7 %36 = zext i32 %29 to i64 %37 = getelementptr %struct.bucket_table, %struct.bucket_table* %28, i64 0, i32 10, i64 %36 br label %38 %39 = phi %struct.rhash_head** [ %34, %33 ], [ %37, %35 ] %40 = bitcast %struct.rhash_head** %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %64 %45 = load i16, i16* %23, align 2 %46 = zext i16 %45 to i64 %47 = sub nsw i64 0, %46 %48 = load i16, i16* %24, align 4 %49 = zext i16 %48 to i64 %50 = load i16, i16* %25, align 2 %51 = zext i16 %50 to i64 br label %52 %53 = phi i64 [ %61, %59 ], [ %41, %44 ] %54 = inttoptr i64 %53 to i8* %55 = getelementptr i8, i8* %54, i64 %47 %56 = getelementptr i8, i8* %55, i64 %49 %57 = call i32 @bcmp(i8* %56, i8* nonnull %19, i64 %51) #6 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %70 = icmp eq i64 %53, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = icmp eq i8* %55, null br i1 %73, label %74, label %77 %78 = bitcast i8* %55 to %struct.kern_ipc_perm* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %79 = bitcast i8* %55 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* nonnull %79) #69 %80 = and i32 %16, 1536 %81 = icmp eq i32 %80, 1536 br i1 %81, label %108, label %86 %87 = getelementptr inbounds %struct.ipc_ops, %struct.ipc_ops* %2, i64 0, i32 2 
%88 = load i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)*, i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)** %87, align 8 %89 = icmp eq i32 (%struct.kern_ipc_perm*, %struct.ipc_params*)* %88, null br i1 %89, label %93, label %90 %91 = call i32 %88(%struct.kern_ipc_perm* nonnull %78, %struct.ipc_params* %3) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %108 %94 = load i32, i32* %15, align 4 %95 = trunc i32 %94 to i16 %96 = call i32 @ipcperms(%struct.ipc_namespace* %0, %struct.kern_ipc_perm* nonnull %78, i16 signext %95) #69 ------------- Good: 3 Bad: 48 Ignored: 4 Check Use of Function:skb_copy_expand Check Use of Function:pid_revalidate Check Use of Function:crypto_shash_update Use: =BAD PATH= Call Stack: 0 __ext4_ext_check 1 ext4_ext_precache 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %33, label %30 %31 = call i32 @ext4_ext_precache(%struct.inode.100633* %0) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 
%7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq 
i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %127 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 0 %128 = load i32, i32* %127, align 4 %129 = icmp 
ule i32 %128, %114 %130 = icmp ne i32 %114, 0 %131 = and i1 %130, %129 br i1 %131, label %132, label %141 %142 = getelementptr %struct.bug_entry, %struct.bug_entry* %113, i64 1 %143 = add i16 %115, -1 %144 = icmp eq i16 %143, 0 br i1 %144, label %145, label %112 %146 = icmp sgt i32 %4, 32 br i1 %146, label %220, label %147, !prof !6, !misexpect !5 %148 = load i16, i16* %23, align 2 %149 = zext i16 %148 to i32 %150 = icmp eq i32 %149, %4 br i1 %150, label %236, label %151 %152 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %2, i64 0, i32 8 %153 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %154 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %153, i64 0, i32 30 %155 = bitcast i8** %154 to %struct.ext4_sb_info.159505** %156 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %157 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 15 %158 = load %struct.ext4_super_block*, %struct.ext4_super_block** %157, align 8 %159 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %158, i64 0, i32 30 %160 = load i32, i32* %159, align 4 %161 = and i32 %160, 1024 %162 = icmp eq i32 %161, 0 br i1 %162, label %236, label %163 %164 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 102 %165 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %164, align 8 %166 = icmp eq %struct.crypto_shash.158674* %165, null br i1 %166, label %167, label %186, !prof !6, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x 
i8]* @.str.7.16695, i64 0, i64 0), i32 2797, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 166) #6, !srcloc !8 %168 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %169 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 15 %170 = load %struct.ext4_super_block*, %struct.ext4_super_block** %169, align 8 %171 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %170, i64 0, i32 30 %172 = load i32, i32* %171, align 4 %173 = and i32 %172, 1024 %174 = icmp eq i32 %173, 0 br i1 %174, label %236, label %175 %176 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 102 %177 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %176, align 8 %178 = icmp eq %struct.crypto_shash.158674* %177, null br i1 %178, label %236, label %179 %180 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %181 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %180, i64 0, i32 30 %182 = bitcast i8** %181 to %struct.ext4_sb_info.159505** %183 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %182, align 64 %184 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %183, i64 0, i32 102 %185 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %184, align 8 br label %186 %187 = phi %struct.crypto_shash.158674* [ %185, %179 ], [ %165, %163 ] %188 = bitcast %struct.ext4_extent_header* %3 to i8* %189 = load i16, i16* %17, align 4 %190 = zext i16 %189 to i64 %191 = mul nuw nsw i64 %190, 12 %192 = add nuw nsw i64 %191, 12 %193 = getelementptr i8, i8* %188, i64 %192 %194 = bitcast i8* %193 to i32* %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds 
%struct.file_operations.100630*, %struct.file_operations.100630** %21, i64 131 %197 = bitcast %struct.file_operations.100630** %196 to i32* %198 = load i32, i32* %197, align 8 %199 = bitcast %struct.anon.87.159493* %7 to i8* %200 = getelementptr inbounds %struct.crypto_shash.158674, %struct.crypto_shash.158674* %187, i64 0, i32 0 %201 = load i32, i32* %200, align 8 %202 = icmp eq i32 %201, 4 br i1 %202, label %204, label %203, !prof !4, !misexpect !5 %205 = zext i16 %189 to i32 %206 = mul nuw nsw i32 %205, 12 %207 = add nuw nsw i32 %206, 12 %208 = ptrtoint %struct.crypto_shash.158674* %187 to i64 %209 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0 %210 = bitcast %struct.anon.87.159493* %7 to i64* store i64 %208, i64* %210, align 8 %211 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0, i32 1 store i32 0, i32* %211, align 8 %212 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 1, i64 0 %213 = bitcast i8* %212 to i32* store i32 %198, i32* %213, align 8 %214 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.159492*, i8*, i32)*)(%struct.shash_desc.159492* nonnull %209, i8* %188, i32 %207) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ext4_ext_check 1 ext4_ext_precache 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = getelementptr inbounds 
%struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %33, label %30 %31 = call i32 @ext4_ext_precache(%struct.inode.100633* %0) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 
= getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 
%118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %127 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 0 %128 = load i32, i32* %127, align 4 %129 = icmp ule i32 %128, %114 %130 = icmp ne i32 %114, 0 %131 = and i1 %130, %129 br i1 %131, label %132, label %141 %142 = getelementptr %struct.bug_entry, %struct.bug_entry* %113, i64 1 %143 = add i16 %115, -1 %144 = icmp eq i16 %143, 0 br i1 %144, label %145, label %112 %146 = icmp sgt i32 %4, 32 br i1 %146, label %220, label %147, !prof !6, !misexpect !5 %148 = load i16, i16* %23, align 2 %149 = zext i16 %148 to i32 %150 = icmp eq i32 %149, %4 br i1 %150, label %236, label %151 %152 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %2, i64 0, i32 8 %153 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %154 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %153, i64 0, i32 30 %155 = bitcast i8** %154 to %struct.ext4_sb_info.159505** %156 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %157 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 15 %158 = load %struct.ext4_super_block*, %struct.ext4_super_block** %157, align 8 %159 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %158, i64 0, i32 30 %160 = load i32, i32* %159, align 4 %161 = and i32 %160, 1024 %162 = icmp eq i32 %161, 0 br i1 %162, label %236, label %163 %164 = getelementptr inbounds %struct.ext4_sb_info.159505, 
%struct.ext4_sb_info.159505* %156, i64 0, i32 102 %165 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %164, align 8 %166 = icmp eq %struct.crypto_shash.158674* %165, null br i1 %166, label %167, label %186, !prof !6, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.7.16695, i64 0, i64 0), i32 2797, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 166) #6, !srcloc !8 %168 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %169 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 15 %170 = load %struct.ext4_super_block*, %struct.ext4_super_block** %169, align 8 %171 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %170, i64 0, i32 30 %172 = load i32, i32* %171, align 4 %173 = and i32 %172, 1024 %174 = icmp eq i32 %173, 0 br i1 %174, label %236, label %175 %176 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 102 %177 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %176, align 8 %178 = icmp eq %struct.crypto_shash.158674* %177, null br i1 %178, label %236, label %179 %180 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %181 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %180, i64 0, i32 30 %182 = bitcast i8** %181 to %struct.ext4_sb_info.159505** %183 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %182, align 
64 %184 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %183, i64 0, i32 102 %185 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %184, align 8 br label %186 %187 = phi %struct.crypto_shash.158674* [ %185, %179 ], [ %165, %163 ] %188 = bitcast %struct.ext4_extent_header* %3 to i8* %189 = load i16, i16* %17, align 4 %190 = zext i16 %189 to i64 %191 = mul nuw nsw i64 %190, 12 %192 = add nuw nsw i64 %191, 12 %193 = getelementptr i8, i8* %188, i64 %192 %194 = bitcast i8* %193 to i32* %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %21, i64 131 %197 = bitcast %struct.file_operations.100630** %196 to i32* %198 = load i32, i32* %197, align 8 %199 = bitcast %struct.anon.87.159493* %7 to i8* %200 = getelementptr inbounds %struct.crypto_shash.158674, %struct.crypto_shash.158674* %187, i64 0, i32 0 %201 = load i32, i32* %200, align 8 %202 = icmp eq i32 %201, 4 br i1 %202, label %204, label %203, !prof !4, !misexpect !5 %205 = zext i16 %189 to i32 %206 = mul nuw nsw i32 %205, 12 %207 = add nuw nsw i32 %206, 12 %208 = ptrtoint %struct.crypto_shash.158674* %187 to i64 %209 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0 %210 = bitcast %struct.anon.87.159493* %7 to i64* store i64 %208, i64* %210, align 8 %211 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0, i32 1 store i32 0, i32* %211, align 8 %212 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 1, i64 0 %213 = bitcast i8* %212 to i32* store i32 %198, i32* %213, align 8 %214 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.159492*, i8*, i32)*)(%struct.shash_desc.159492* nonnull %209, i8* %188, i32 %207) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ext4_ext_check 1 ext4_ext_precache 2 ext4_ioctl 3 
ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, 
%struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = 
tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, 
%struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %127 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 0 %128 = load i32, i32* %127, align 4 %129 = icmp ule i32 %128, %114 %130 = icmp ne i32 %114, 0 %131 = and i1 %130, %129 br i1 %131, label %132, label %141 %142 = getelementptr %struct.bug_entry, %struct.bug_entry* %113, i64 1 %143 = add i16 %115, -1 %144 = icmp eq i16 %143, 0 br i1 %144, label %145, label %112 %146 = icmp sgt i32 %4, 32 br i1 %146, label %220, label %147, !prof !6, !misexpect !5 %148 = load i16, i16* %23, align 2 %149 = zext i16 %148 to i32 %150 = icmp eq i32 %149, %4 br i1 %150, label %236, label %151 %152 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %2, i64 0, i32 8 %153 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %154 = 
getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %153, i64 0, i32 30 %155 = bitcast i8** %154 to %struct.ext4_sb_info.159505** %156 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %157 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 15 %158 = load %struct.ext4_super_block*, %struct.ext4_super_block** %157, align 8 %159 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %158, i64 0, i32 30 %160 = load i32, i32* %159, align 4 %161 = and i32 %160, 1024 %162 = icmp eq i32 %161, 0 br i1 %162, label %236, label %163 %164 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 102 %165 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %164, align 8 %166 = icmp eq %struct.crypto_shash.158674* %165, null br i1 %166, label %167, label %186, !prof !6, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.7.16695, i64 0, i64 0), i32 2797, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 166) #6, !srcloc !8 %168 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %169 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 15 %170 = load %struct.ext4_super_block*, %struct.ext4_super_block** %169, align 8 %171 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %170, i64 0, i32 30 %172 = load i32, i32* 
%171, align 4 %173 = and i32 %172, 1024 %174 = icmp eq i32 %173, 0 br i1 %174, label %236, label %175 %176 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 102 %177 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %176, align 8 %178 = icmp eq %struct.crypto_shash.158674* %177, null br i1 %178, label %236, label %179 %180 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %181 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %180, i64 0, i32 30 %182 = bitcast i8** %181 to %struct.ext4_sb_info.159505** %183 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %182, align 64 %184 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %183, i64 0, i32 102 %185 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %184, align 8 br label %186 %187 = phi %struct.crypto_shash.158674* [ %185, %179 ], [ %165, %163 ] %188 = bitcast %struct.ext4_extent_header* %3 to i8* %189 = load i16, i16* %17, align 4 %190 = zext i16 %189 to i64 %191 = mul nuw nsw i64 %190, 12 %192 = add nuw nsw i64 %191, 12 %193 = getelementptr i8, i8* %188, i64 %192 %194 = bitcast i8* %193 to i32* %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %21, i64 131 %197 = bitcast %struct.file_operations.100630** %196 to i32* %198 = load i32, i32* %197, align 8 %199 = bitcast %struct.anon.87.159493* %7 to i8* %200 = getelementptr inbounds %struct.crypto_shash.158674, %struct.crypto_shash.158674* %187, i64 0, i32 0 %201 = load i32, i32* %200, align 8 %202 = icmp eq i32 %201, 4 br i1 %202, label %204, label %203, !prof !4, !misexpect !5 %205 = zext i16 %189 to i32 %206 = mul nuw nsw i32 %205, 12 %207 = add nuw nsw i32 %206, 12 %208 = ptrtoint %struct.crypto_shash.158674* %187 to i64 %209 = getelementptr inbounds %struct.anon.87.159493, 
%struct.anon.87.159493* %7, i64 0, i32 0 %210 = bitcast %struct.anon.87.159493* %7 to i64* store i64 %208, i64* %210, align 8 %211 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0, i32 1 store i32 0, i32* %211, align 8 %212 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 1, i64 0 %213 = bitcast i8* %212 to i32* store i32 %198, i32* %213, align 8 %214 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.159492*, i8*, i32)*)(%struct.shash_desc.159492* nonnull %209, i8* %188, i32 %207) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ext4_ext_check 1 ext4_ext_precache 2 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 
-2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 
= bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr 
%struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %127 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 0 %128 = load i32, i32* %127, align 4 %129 = icmp ule i32 %128, %114 %130 = icmp ne i32 %114, 0 %131 = and i1 %130, %129 br i1 %131, label %132, label %141 %142 = getelementptr %struct.bug_entry, %struct.bug_entry* %113, i64 1 %143 = add i16 %115, -1 %144 = icmp eq i16 %143, 0 br i1 %144, label %145, label %112 %146 = icmp sgt i32 %4, 32 br i1 %146, label %220, label %147, !prof !6, !misexpect !5 %148 = load i16, i16* %23, align 2 %149 = zext i16 %148 to i32 %150 = icmp eq i32 %149, %4 br i1 %150, label %236, label %151 %152 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %2, i64 0, i32 8 %153 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %154 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %153, i64 0, i32 30 %155 = bitcast i8** %154 to %struct.ext4_sb_info.159505** %156 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %157 = getelementptr 
inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 15 %158 = load %struct.ext4_super_block*, %struct.ext4_super_block** %157, align 8 %159 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %158, i64 0, i32 30 %160 = load i32, i32* %159, align 4 %161 = and i32 %160, 1024 %162 = icmp eq i32 %161, 0 br i1 %162, label %236, label %163 %164 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %156, i64 0, i32 102 %165 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %164, align 8 %166 = icmp eq %struct.crypto_shash.158674* %165, null br i1 %166, label %167, label %186, !prof !6, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.7.16695, i64 0, i64 0), i32 2797, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 166) #6, !srcloc !8 %168 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %155, align 64 %169 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 15 %170 = load %struct.ext4_super_block*, %struct.ext4_super_block** %169, align 8 %171 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %170, i64 0, i32 30 %172 = load i32, i32* %171, align 4 %173 = and i32 %172, 1024 %174 = icmp eq i32 %173, 0 br i1 %174, label %236, label %175 %176 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %168, i64 0, i32 102 %177 = load %struct.crypto_shash.158674*, 
%struct.crypto_shash.158674** %176, align 8 %178 = icmp eq %struct.crypto_shash.158674* %177, null br i1 %178, label %236, label %179 %180 = load %struct.super_block.100615*, %struct.super_block.100615** %152, align 8 %181 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %180, i64 0, i32 30 %182 = bitcast i8** %181 to %struct.ext4_sb_info.159505** %183 = load %struct.ext4_sb_info.159505*, %struct.ext4_sb_info.159505** %182, align 64 %184 = getelementptr inbounds %struct.ext4_sb_info.159505, %struct.ext4_sb_info.159505* %183, i64 0, i32 102 %185 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %184, align 8 br label %186 %187 = phi %struct.crypto_shash.158674* [ %185, %179 ], [ %165, %163 ] %188 = bitcast %struct.ext4_extent_header* %3 to i8* %189 = load i16, i16* %17, align 4 %190 = zext i16 %189 to i64 %191 = mul nuw nsw i64 %190, 12 %192 = add nuw nsw i64 %191, 12 %193 = getelementptr i8, i8* %188, i64 %192 %194 = bitcast i8* %193 to i32* %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %21, i64 131 %197 = bitcast %struct.file_operations.100630** %196 to i32* %198 = load i32, i32* %197, align 8 %199 = bitcast %struct.anon.87.159493* %7 to i8* %200 = getelementptr inbounds %struct.crypto_shash.158674, %struct.crypto_shash.158674* %187, i64 0, i32 0 %201 = load i32, i32* %200, align 8 %202 = icmp eq i32 %201, 4 br i1 %202, label %204, label %203, !prof !4, !misexpect !5 %205 = zext i16 %189 to i32 %206 = mul nuw nsw i32 %205, 12 %207 = add nuw nsw i32 %206, 12 %208 = ptrtoint %struct.crypto_shash.158674* %187 to i64 %209 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0 %210 = bitcast %struct.anon.87.159493* %7 to i64* store i64 %208, i64* %210, align 8 %211 = getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 0, i32 1 store i32 0, i32* %211, align 8 %212 = 
getelementptr inbounds %struct.anon.87.159493, %struct.anon.87.159493* %7, i64 0, i32 1, i64 0 %213 = bitcast i8* %212 to i32* store i32 %198, i32* %213, align 8 %214 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.159492*, i8*, i32)*)(%struct.shash_desc.159492* nonnull %209, i8* %188, i32 %207) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_superblock_csum_set 1 ext4_commit_super 2 __ext4_error_inode 3 __ext4_ext_check 4 ext4_ext_precache 5 ext4_ioctl 6 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca 
%struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast 
%struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, 
i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ 
getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load 
%struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, %struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, 
%struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 Function:ext4_superblock_csum_set %2 = alloca %struct.anon.115.166897, align 8 %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 30 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1024 %11 = icmp eq i32 %10, 0 br i1 %11, label %49, label %12 %13 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 102 %14 = load %struct.crypto_shash.166875*, %struct.crypto_shash.166875** %13, align 8 %15 = icmp eq %struct.crypto_shash.166875* %14, null 
br i1 %15, label %16, label %28, !prof !4, !misexpect !5 %29 = phi %struct.crypto_shash.166875* [ %26, %24 ], [ %14, %12 ] %30 = bitcast %struct.anon.115.166897* %2 to i8* %31 = getelementptr inbounds %struct.crypto_shash.166875, %struct.crypto_shash.166875* %29, i64 0, i32 0 %32 = load i32, i32* %31, align 8 %33 = icmp eq i32 %32, 4 br i1 %33, label %35, label %34, !prof !8, !misexpect !5 %36 = bitcast %struct.ext4_super_block* %7 to i8* %37 = ptrtoint %struct.crypto_shash.166875* %29 to i64 %38 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 0 %39 = bitcast %struct.anon.115.166897* %2 to i64* store i64 %37, i64* %39, align 8 %40 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 0, i32 1 store i32 0, i32* %40, align 8 %41 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 1, i64 0 %42 = bitcast i8* %41 to i32* store i32 -1, i32* %42, align 8 %43 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.166882*, i8*, i32)*)(%struct.shash_desc.166882* nonnull %38, i8* %36, i32 1020) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_superblock_csum_set 1 ext4_commit_super 2 __ext4_error_inode 3 __ext4_ext_check 4 ext4_ext_precache 5 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, 
align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void 
(%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, 
%struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, 
i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load 
%struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, %struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, 
%struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 Function:ext4_superblock_csum_set %2 = alloca %struct.anon.115.166897, align 8 %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 30 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1024 %11 = icmp eq i32 %10, 0 br i1 %11, label %49, label %12 %13 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 102 %14 = load %struct.crypto_shash.166875*, %struct.crypto_shash.166875** %13, align 8 %15 = icmp eq %struct.crypto_shash.166875* %14, null 
br i1 %15, label %16, label %28, !prof !4, !misexpect !5 %29 = phi %struct.crypto_shash.166875* [ %26, %24 ], [ %14, %12 ] %30 = bitcast %struct.anon.115.166897* %2 to i8* %31 = getelementptr inbounds %struct.crypto_shash.166875, %struct.crypto_shash.166875* %29, i64 0, i32 0 %32 = load i32, i32* %31, align 8 %33 = icmp eq i32 %32, 4 br i1 %33, label %35, label %34, !prof !8, !misexpect !5 %36 = bitcast %struct.ext4_super_block* %7 to i8* %37 = ptrtoint %struct.crypto_shash.166875* %29 to i64 %38 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 0 %39 = bitcast %struct.anon.115.166897* %2 to i64* store i64 %37, i64* %39, align 8 %40 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 0, i32 1 store i32 0, i32* %40, align 8 %41 = getelementptr inbounds %struct.anon.115.166897, %struct.anon.115.166897* %2, i64 0, i32 1, i64 0 %42 = bitcast i8* %41 to i32* store i32 -1, i32* %42, align 8 %43 = call i32 bitcast (i32 (%struct.shash_desc.239992*, i8*, i32)* @crypto_shash_update to i32 (%struct.shash_desc.166882*, i8*, i32)*)(%struct.shash_desc.166882* nonnull %38, i8* %36, i32 1020) #69 ------------- Good: 591 Bad: 6 Ignored: 550 Check Use of Function:xt_match_to_user Check Use of Function:do_ipt_get_ctl Check Use of Function:__audit_inode Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __ia32_compat_sys_mq_timedsend ------------- Path:  Function:__ia32_compat_sys_mq_timedsend %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 
%12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %4 to i32 %17 = inttoptr i64 %7 to i8* %18 = trunc i64 %12 to i32 %19 = bitcast %struct.anon.48* %2 to i8* %20 = icmp eq i64 %15, 0 br i1 %20, label %33, label %21 %22 = inttoptr i64 %15 to i8* %23 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* nonnull %22) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %37 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp slt i64 %27, 0 br i1 %28, label %37, label %29 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %31 = load i64, i64* %30, align 8 %32 = icmp ult i64 %31, 1000000000 br i1 %32, label %33, label %37 %34 = phi %struct.anon.48* [ null, %1 ], [ %2, %29 ] %35 = call fastcc i32 @do_mq_timedsend(i32 %16, i8* %17, i64 %10, i32 %18, %struct.anon.48* %34) #69 Function:do_mq_timedsend %6 = alloca %struct.siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.48* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %30, i64 0, i32 96 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, i32 2 %46 = load %struct.inode.225192*, %struct.inode.225192** %45, align 8 %47 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, i32 3 %48 = load %struct.file_operations.225181*, %struct.file_operations.225181** %47, align 8 %49 = icmp eq %struct.file_operations.225181* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.225192, %struct.inode.225192* %46, i64 -1, i32 46 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 
__audit_file 1 do_mq_timedsend 2 __ia32_sys_mq_timedsend ------------- Path:  Function:__ia32_sys_mq_timedsend %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %4 to i32 %17 = inttoptr i64 %7 to i8* %18 = trunc i64 %12 to i32 %19 = bitcast %struct.anon.48* %2 to i8* %20 = icmp eq i64 %15, 0 br i1 %20, label %33, label %21 %22 = inttoptr i64 %15 to %struct.anon.48* %23 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %22) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %37 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp slt i64 %27, 0 br i1 %28, label %37, label %29 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %31 = load i64, i64* %30, align 8 %32 = icmp ult i64 %31, 1000000000 br i1 %32, label %33, label %37 %34 = phi %struct.anon.48* [ null, %1 ], [ %2, %29 ] %35 = call fastcc i32 @do_mq_timedsend(i32 %16, i8* %17, i64 %10, i32 %18, %struct.anon.48* %34) #69 Function:do_mq_timedsend %6 = alloca %struct.siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr 
inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.48* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %30, i64 0, i32 96 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, i32 2 %46 = load %struct.inode.225192*, %struct.inode.225192** %45, align 8 %47 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, i32 3 %48 = load %struct.file_operations.225181*, %struct.file_operations.225181** %47, align 8 %49 = icmp eq %struct.file_operations.225181* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.225192, %struct.inode.225192* %46, i64 -1, i32 46 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 
%56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __x64_sys_mq_timedsend ------------- Path:  Function:__x64_sys_mq_timedsend %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %11 to i32 %16 = bitcast %struct.anon.48* %2 to i8* %17 = icmp eq i64 %13, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %13 to %struct.anon.48* %20 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult 
i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.48* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedsend(i32 %14, i8* %7, i64 %9, i32 %15, %struct.anon.48* %31) #69 Function:do_mq_timedsend %6 = alloca %struct.siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.48* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %30, i64 0, i32 96 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, i32 2 %46 = load %struct.inode.225192*, %struct.inode.225192** %45, align 8 %47 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %42, i64 0, 
i32 3 %48 = load %struct.file_operations.225181*, %struct.file_operations.225181** %47, align 8 %49 = icmp eq %struct.file_operations.225181* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.225192, %struct.inode.225192* %46, i64 -1, i32 46 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 32 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fremovexattr 2 __ia32_sys_fremovexattr ------------- Path:  Function:__ia32_sys_fremovexattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_fremovexattr(i64 %4, i64 %7) #69 Function:__se_sys_fremovexattr %3 = alloca [256 x i8], align 16 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* %6 = tail call i64 @__fdget(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.128583* %9 = icmp eq i64 %7, 0 br i1 %9, label %46, label %10 %11 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %11, i64 0, i32 96 %13 = load %struct.audit_context*, %struct.audit_context** %12, align 32 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %20, label %15 %16 = bitcast %struct.audit_context* %13 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %8) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fremovexattr 2 __x64_sys_fremovexattr ------------- Path:  Function:__x64_sys_fremovexattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_fremovexattr(i64 %3, i64 %5) #69 Function:__se_sys_fremovexattr %3 = alloca [256 x i8], align 16 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* %6 = tail call i64 @__fdget(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.128583* %9 = icmp eq i64 %7, 0 br i1 %9, label %46, label %10 %11 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %12 = getelementptr 
inbounds %struct.task_struct.128852, %struct.task_struct.128852* %11, i64 0, i32 96 %13 = load %struct.audit_context*, %struct.audit_context** %12, align 32 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %20, label %15 %16 = bitcast %struct.audit_context* %13 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %8) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_flistxattr ------------- Path:  Function:__x64_sys_flistxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @__fdget(i32 %9) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.128583* %13 = icmp eq i64 %11, 0 br i1 %13, label %31, label %14 %15 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %15, i64 0, i32 96 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 32 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 
%20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_fgetxattr ------------- Path:  Function:__ia32_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = inttoptr i64 %9 to i8* %16 = tail call i64 @__fdget(i32 %13) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.128583* %19 = icmp eq i64 %17, 0 br i1 %19, label %37, label %20 %21 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %21, i64 0, i32 96 %23 = load %struct.audit_context*, %struct.audit_context** %22, align 32 %24 = icmp eq %struct.audit_context* %23, null br i1 %24, label %30, label %25 %26 = 
bitcast %struct.audit_context* %23 to i32* %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %18) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_fgetxattr ------------- Path:  Function:__x64_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call i64 @__fdget(i32 %12) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.128583* %16 = icmp eq i64 %14, 0 br i1 %16, label %34, label %17 %18 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %18, i64 0, i32 96 %20 = load %struct.audit_context*, %struct.audit_context** %19, align 32 %21 = icmp eq %struct.audit_context* %20, null br i1 %21, label %27, label %22 %23 = bitcast %struct.audit_context* %20 to i32* %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 
%24, 0 br i1 %25, label %26, label %27, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %15) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fsetxattr 2 __ia32_sys_fsetxattr ------------- Path:  Function:__ia32_sys_fsetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsetxattr(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsetxattr %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget(i32 %6) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.128583* %13 = icmp eq i64 %11, 0 br i1 %13, label %39, label %14 %15 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %16 = getelementptr 
inbounds %struct.task_struct.128852, %struct.task_struct.128852* %15, i64 0, i32 96 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 32 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 %20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fsetxattr 2 __x64_sys_fsetxattr ------------- Path:  Function:__x64_sys_fsetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsetxattr(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsetxattr %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget(i32 %6) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.128583* %13 = icmp eq i64 %11, 0 br i1 %13, label %39, label %14 %15 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %15, i64 0, i32 96 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 32 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 %20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __ia32_compat_sys_mq_timedreceive ------------- Path:  Function:__ia32_compat_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = 
bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds 
%struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 
%16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.48* %24 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, 
%struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 
%13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.48* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.48* %20 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.48* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.48* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds 
%struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.225184*)*)(%struct.file.225184* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_flistxattr ------------- Path:  Function:__ia32_sys_flistxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @__fdget(i32 %10) #69 %13 = and i64 %12, -4 %14 = inttoptr i64 %13 to %struct.file.128583* %15 
= icmp eq i64 %13, 0 br i1 %15, label %33, label %16 %17 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %17, i64 0, i32 96 %19 = load %struct.audit_context*, %struct.audit_context** %18, align 32 %20 = icmp eq %struct.audit_context* %19, null br i1 %20, label %26, label %21 %22 = bitcast %struct.audit_context* %19 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %14) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_fchmod ------------- Path:  Function:__ia32_sys_fchmod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i16 %8 = tail call i64 @__fdget(i32 %6) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.120508* %11 = icmp eq i64 %9, 0 br i1 %11, label %28, label %12 %13 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.120847, 
%struct.task_struct.120847* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %18 = bitcast %struct.audit_context* %15 to i32* %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.120508*)*)(%struct.file.120508* nonnull %10) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_fchmod ------------- Path:  Function:__x64_sys_fchmod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i16 %8 = tail call i64 @__fdget(i32 %6) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.120508* %11 = icmp eq i64 %9, 0 br i1 %11, label %28, label %12 %13 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %18 = bitcast %struct.audit_context* %15 to i32* %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 
tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.120508*)*)(%struct.file.120508* nonnull %10) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.39647*, %struct.dentry.39647** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.39647* %3, i32 0) #69 ------------- Good: 17 Bad: 16 Ignored: 15 Check Use of Function:xt_compat_match_from_user Check Use of Function:kernel_power_off Check Use of Function:kernel_halt Check Use of Function:audit_inode_permission Check Use of Function:bad_inode_rmdir Check Use of Function:n_tty_close Check Use of Function:tty_lock Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, 
%struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load 
%struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* 
nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %7, align 8 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %7, align 8 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = 
getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %6, align 8 %8 = icmp eq %struct.tty_struct.230612* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %6, align 8 %8 = icmp eq %struct.tty_struct.230612* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %6, align 8 %8 
= icmp eq %struct.tty_struct.230612* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi 
%struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq %struct.tty_struct.316116* %15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 
tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_vhangup_session to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.230612* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.230612* %0, null br i1 %3, label %200, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.230059*, %struct.file.230059** @redirect, align 8 %6 = icmp eq %struct.file.230059* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.230059* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, 
i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq %struct.tty_struct.316116* 
%15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_vhangup_session to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.230612* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.230612* %0, null br i1 %3, label %200, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.230059*, %struct.file.230059** @redirect, align 8 %6 = icmp eq %struct.file.230059* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.230059* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.315324*)* @tty_lock to void (%struct.tty_struct.230612*)*)(%struct.tty_struct.230612* nonnull %0) #69 ------------- Good: 11 Bad: 9 Ignored: 26 Check Use of 
Function:sr_lock_door Check Use of Function:generic_file_write_iter Check Use of Function:move_vma Check Use of Function:tg3_ptp_enable Check Use of Function:getname_flags Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_rename ------------- Path:  Function:__ia32_sys_rename %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call fastcc i32 @do_renameat2(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_rename ------------- Path:  Function:__x64_sys_rename %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call fastcc i32 @do_renameat2(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_renameat ------------- Path:  Function:__ia32_sys_renameat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = tail 
call fastcc i32 @do_renameat2(i32 %12, i8* %13, i32 %14, i8* %15, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_renameat ------------- Path:  Function:__x64_sys_renameat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = trunc i64 %3 to i32 %13 = trunc i64 %8 to i32 %14 = tail call fastcc i32 @do_renameat2(i32 %12, i8* %6, i32 %13, i8* %11, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, 
align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_renameat2 ------------- Path:  Function:__ia32_sys_renameat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call fastcc i32 @do_renameat2(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, 
align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_renameat2 ------------- Path:  Function:__x64_sys_renameat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call fastcc i32 @do_renameat2(i32 %14, i8* %6, i32 %15, i8* %11, i32 %16) #69 Function:do_renameat2 %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, 
align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.124077*, align 8 %13 = bitcast %struct.path.124050* %6 to i8* %14 = bitcast %struct.path.124050* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.124077** %12 to i8* store %struct.inode.124077* null, %struct.inode.124077** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __ia32_sys_link ------------- Path:  Function:__ia32_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i32 @do_linkat(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 Function:do_linkat %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.inode.124077*, align 8 %9 = bitcast %struct.path.124050* %6 to i8* %10 = bitcast %struct.path.124050* %7 to i8* %11 = bitcast %struct.inode.124077** %8 to i8* store %struct.inode.124077* null, %struct.inode.124077** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = 
lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __x64_sys_link ------------- Path:  Function:__x64_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i32 @do_linkat(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 Function:do_linkat %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.inode.124077*, align 8 %9 = bitcast %struct.path.124050* %6 to i8* %10 = bitcast %struct.path.124050* %7 to i8* %11 = bitcast %struct.inode.124077** %8 to i8* store %struct.inode.124077* null, %struct.inode.124077** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __ia32_sys_linkat ------------- Path:  Function:__ia32_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 
4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call i32 @do_linkat(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 Function:do_linkat %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.inode.124077*, align 8 %9 = bitcast %struct.path.124050* %6 to i8* %10 = bitcast %struct.path.124050* %7 to i8* %11 = bitcast %struct.inode.124077** %8 to i8* store %struct.inode.124077* null, %struct.inode.124077** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __x64_sys_linkat ------------- Path:  Function:__x64_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call i32 @do_linkat(i32 %14, i8* %6, i32 %15, i8* 
%11, i32 %16) #69 Function:do_linkat %6 = alloca %struct.path.124050, align 8 %7 = alloca %struct.path.124050, align 8 %8 = alloca %struct.inode.124077*, align 8 %9 = bitcast %struct.path.124050* %6 to i8* %10 = bitcast %struct.path.124050* %7 to i8* %11 = bitcast %struct.inode.124077** %8 to i8* store %struct.inode.124077* null, %struct.inode.124077** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __ia32_sys_symlink ------------- Path:  Function:__ia32_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i64 @do_symlinkat(i8* %8, i32 -100, i8* %9) #69 Function:do_symlinkat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __x64_sys_symlink ------------- Path:  Function:__x64_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i64 @do_symlinkat(i8* %4, i32 -100, i8* %7) #69 Function:do_symlinkat %4 = 
alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __ia32_sys_symlinkat ------------- Path:  Function:__ia32_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i8* %13 = tail call i64 @do_symlinkat(i8* %10, i32 %11, i8* %12) #69 Function:do_symlinkat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __x64_sys_symlinkat ------------- Path:  Function:__x64_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %6 to i32 %11 = tail call i64 @do_symlinkat(i8* %4, i32 %10, i8* %9) #69 Function:do_symlinkat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_unlink ------------- Path:  Function:__ia32_sys_unlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 
%3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %5, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_unlink ------------- Path:  Function:__x64_sys_unlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call %struct.filename* @getname_flags(i8* %4, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_unlinkat ------------- Path:  Function:__ia32_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = and i32 %11, -513 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %22 %15 = and i32 %11, 512 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = tail call %struct.filename* @getname_flags(i8* %10, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_unlinkat ------------- Path:  Function:__x64_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = and i32 %10, -513 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %21 %14 = and i32 %10, 512 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = tail call 
%struct.filename* @getname_flags(i8* %6, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __ia32_sys_unlinkat ------------- Path:  Function:__ia32_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = and i32 %11, -513 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %22 %15 = and i32 %11, 512 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call i64 @do_rmdir(i32 %9, i8* %10) #69 Function:do_rmdir %3 = alloca %struct.path.124050, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.124050* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __x64_sys_unlinkat ------------- Path:  Function:__x64_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = and i32 %10, -513 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %21 %14 = and i32 %10, 512 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i64 @do_rmdir(i32 %9, i8* %6) #69 Function:do_rmdir %3 = alloca %struct.path.124050, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca 
i32, align 4 %6 = bitcast %struct.path.124050* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __ia32_sys_rmdir ------------- Path:  Function:__ia32_sys_rmdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @do_rmdir(i32 -100, i8* %5) #69 Function:do_rmdir %3 = alloca %struct.path.124050, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.124050* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __x64_sys_rmdir ------------- Path:  Function:__x64_sys_rmdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @do_rmdir(i32 -100, i8* %4) #69 Function:do_rmdir %3 = alloca %struct.path.124050, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.124050* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __ia32_sys_mkdir ------------- Path:  Function:__ia32_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_mkdirat(i32 -100, i8* %7, i16 zeroext %8) #69 Function:do_mkdirat %4 = alloca %struct.path.124050, align 8 %5 
= bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __x64_sys_mkdir ------------- Path:  Function:__x64_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_mkdirat(i32 -100, i8* %4, i16 zeroext %7) #69 Function:do_mkdirat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __ia32_sys_mkdirat ------------- Path:  Function:__ia32_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_mkdirat(i32 %9, i8* %10, i16 zeroext %11) #69 Function:do_mkdirat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __x64_sys_mkdirat ------------- Path:  Function:__x64_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i16 %11 = tail call i64 @do_mkdirat(i32 %9, i8* %6, i16 zeroext %10) #69 Function:do_mkdirat %4 = alloca %struct.path.124050, align 8 %5 = bitcast %struct.path.124050* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __ia32_sys_mknod ------------- Path:  Function:__ia32_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i32 %12 = tail call i64 @do_mknodat(i32 -100, i8* %9, i16 zeroext %10, i32 %11) #69 Function:do_mknodat %5 = alloca %struct.path.124050, align 8 %6 = bitcast %struct.path.124050* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __x64_sys_mknod ------------- Path:  Function:__x64_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i32 %11 = tail call i64 @do_mknodat(i32 -100, i8* %4, i16 
zeroext %9, i32 %10) #69 Function:do_mknodat %5 = alloca %struct.path.124050, align 8 %6 = bitcast %struct.path.124050* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __ia32_sys_mknodat ------------- Path:  Function:__ia32_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i16 %14 = trunc i64 %10 to i32 %15 = tail call i64 @do_mknodat(i32 %11, i8* %12, i16 zeroext %13, i32 %14) #69 Function:do_mknodat %5 = alloca %struct.path.124050, align 8 %6 = bitcast %struct.path.124050* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __x64_sys_mknodat ------------- Path:  Function:__x64_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i16 %13 = trunc i64 %10 to i32 %14 = tail call i64 @do_mknodat(i32 %11, i8* %6, i16 zeroext %12, i32 %13) #69 Function:do_mknodat %5 = alloca %struct.path.124050, align 8 %6 = bitcast %struct.path.124050* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_execveat ------------- Path:  Function:__x64_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8*** %9 = load i8**, i8*** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i8*** %12 = load i8**, i8*** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = trunc i64 %14 to i32 %17 = shl i32 %16, 2 %18 = and i32 %17, 16384 %19 = tail call %struct.filename* @getname_flags(i8* %6, i32 %18, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_execveat ------------- Path:  Function:__ia32_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 
8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = inttoptr i64 %9 to i8** %18 = inttoptr i64 %12 to i8** %19 = trunc i64 %14 to i32 %20 = shl i32 %19, 2 %21 = and i32 %20, 16384 %22 = tail call %struct.filename* @getname_flags(i8* %16, i32 %21, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_execveat ------------- Path:  Function:__ia32_compat_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = trunc i64 %14 to i32 %18 = shl i32 %17, 2 %19 = and i32 %18, 16384 %20 = tail call %struct.filename* @getname_flags(i8* %16, i32 %19, i32* null) #69 ------------- Good: 20 Bad: 33 Ignored: 5 Check Use of Function:disk_get_part Check Use of Function:user_disable_single_step Check Use of Function:simple_rmdir Check Use of Function:do_linkat Use: =BAD PATH= Call Stack: 0 __ia32_sys_link ------------- Path:  Function:__ia32_sys_link %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i32 @do_linkat(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_link ------------- Path:  Function:__x64_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i32 @do_linkat(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_linkat ------------- Path:  Function:__ia32_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call i32 @do_linkat(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_linkat ------------- Path:  Function:__x64_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = 
load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call i32 @do_linkat(i32 %14, i8* %6, i32 %15, i8* %11, i32 %16) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:do_utimes Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __ia32_compat_sys_utimes ------------- Path:  Function:__ia32_compat_sys_utimes %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to %struct.util_est* %10 = tail call fastcc i64 @do_compat_futimesat(i32 -100, i8* %8, %struct.util_est* %9) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.48], align 16 %5 = bitcast [2 x %struct.anon.48]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.48* null, %struct.anon.48* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.48* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __ia32_compat_sys_futimesat ------------- Path:  Function:__ia32_compat_sys_futimesat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = 
load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = inttoptr i64 %9 to %struct.util_est* %13 = tail call fastcc i64 @do_compat_futimesat(i32 %10, i8* %11, %struct.util_est* %12) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.48], align 16 %5 = bitcast [2 x %struct.anon.48]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.48* null, %struct.anon.48* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.48* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_utimensat ------------- Path:  Function:__ia32_compat_sys_utimensat %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i8* %15 = inttoptr i64 %10 to %struct.util_est* %16 = trunc i64 %12 to i32 %17 = bitcast [2 x %struct.anon.48]* %2 to i8* %18 = icmp eq i64 %10, 0 br i1 %18, label %38, label %19 %20 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %21 = inttoptr i64 %10 to i8* %22 = call i32 
@compat_get_timespec64(%struct.anon.48* nonnull %20, i8* nonnull %21) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %42 %25 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1 %26 = getelementptr %struct.util_est, %struct.util_est* %15, i64 1 %27 = bitcast %struct.util_est* %26 to i8* %28 = call i32 @compat_get_timespec64(%struct.anon.48* %25, i8* %27) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %42 %31 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 1073741822 br i1 %33, label %34, label %38 %35 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 1073741822 br i1 %37, label %42, label %38 %39 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %40 = select i1 %18, %struct.anon.48* null, %struct.anon.48* %39 %41 = call i64 @do_utimes(i32 %13, i8* %14, %struct.anon.48* %40, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_utime ------------- Path:  Function:__ia32_compat_sys_utime %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to i8* %10 = inttoptr i64 %8 to %struct.util_est* %11 = bitcast [2 x %struct.anon.48]* %2 to i8* %12 = icmp eq i64 %8, 0 br i1 %12, label %42, label %13 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %16 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %15, i64 4, i64 %14) #6, !srcloc !4 %17 = extractvalue { i32*, 
i64, i64 } %16, 0 %18 = extractvalue { i32*, i64, i64 } %16, 1 %19 = extractvalue { i32*, i64, i64 } %16, 2 %20 = ptrtoint i32* %17 to i64 %21 = shl i64 %18, 32 %22 = ashr exact i64 %21, 32 %23 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 store i64 %22, i64* %23, align 16 %24 = and i64 %20, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %46, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i64, i64 } %29, 0 %31 = extractvalue { i32*, i64, i64 } %29, 1 %32 = extractvalue { i32*, i64, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = shl i64 %31, 32 %35 = ashr exact i64 %34, 32 %36 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 store i64 %35, i64* %36, align 16 %37 = and i64 %33, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %46, !prof !5, !misexpect !6 %40 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %40, align 8 %41 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %41, align 8 br label %42 %43 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %44 = select i1 %12, %struct.anon.48* null, %struct.anon.48* %43 %45 = call i64 @do_utimes(i32 -100, i8* %9, %struct.anon.48* %44, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utimes ------------- Path:  Function:__ia32_sys_utimes %2 = alloca [2 x %struct.anon.48], align 16 %3 = alloca [2 x %struct.anon.48], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to i8* %11 = bitcast [2 x %struct.anon.48]* %2 to i8* %12 = bitcast [2 x %struct.anon.48]* %3 to i8* %13 = icmp eq i64 %9, 0 br i1 %13, label %37, label %14 %15 = inttoptr i64 %9 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %15, i64 32) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %41 %19 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 999999 br i1 %21, label %41, label %22 %23 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999 br i1 %25, label %41, label %26 %27 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 0 store i64 %28, i64* %29, align 16 %30 = mul nuw nsw i64 %20, 1000 %31 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 1 store i64 %30, i64* %31, align 8 %32 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 %33 = load i64, i64* %32, align 16 %34 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 0 store i64 %33, i64* %34, align 16 %35 = mul nuw nsw i64 %24, 1000 %36 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 1 store i64 %35, i64* %36, align 8 br label %37 %38 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0 %39 = select i1 %13, %struct.anon.48* null, %struct.anon.48* %38 %40 = call i64 @do_utimes(i32 -100, i8* %10, %struct.anon.48* %39, i32 0) #69 ------------- 
Use: =BAD PATH= Call Stack: 0 __x64_sys_utimes ------------- Path:  Function:__x64_sys_utimes %2 = alloca [2 x %struct.anon.48], align 16 %3 = alloca [2 x %struct.anon.48], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = bitcast [2 x %struct.anon.48]* %2 to i8* %10 = bitcast [2 x %struct.anon.48]* %3 to i8* %11 = icmp eq i64 %8, 0 br i1 %11, label %35, label %12 %13 = inttoptr i64 %8 to i8* %14 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %13, i64 32) #69 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %39 %17 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ugt i64 %18, 999999 br i1 %19, label %39, label %20 %21 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp ugt i64 %22, 999999 br i1 %23, label %39, label %24 %25 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 %26 = load i64, i64* %25, align 16 %27 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 0 store i64 %26, i64* %27, align 16 %28 = mul nuw nsw i64 %18, 1000 %29 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 1 store i64 %28, i64* %29, align 8 %30 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 %31 = load i64, i64* %30, align 16 %32 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 0 store i64 %31, i64* %32, align 16 %33 = mul nuw nsw i64 %22, 1000 %34 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 1 store i64 %33, i64* %34, align 
8 br label %35 %36 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0 %37 = select i1 %11, %struct.anon.48* null, %struct.anon.48* %36 %38 = call i64 @do_utimes(i32 -100, i8* %6, %struct.anon.48* %37, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_futimesat ------------- Path:  Function:__ia32_sys_futimesat %2 = alloca [2 x %struct.anon.48], align 16 %3 = alloca [2 x %struct.anon.48], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %5 to i32 %13 = inttoptr i64 %8 to i8* %14 = bitcast [2 x %struct.anon.48]* %2 to i8* %15 = bitcast [2 x %struct.anon.48]* %3 to i8* %16 = icmp eq i64 %11, 0 br i1 %16, label %40, label %17 %18 = inttoptr i64 %11 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %18, i64 32) #69 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %44 %22 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 999999 br i1 %24, label %44, label %25 %26 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp ugt i64 %27, 999999 br i1 %28, label %44, label %29 %30 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 %31 = load i64, i64* %30, align 16 %32 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 0 store i64 %31, i64* %32, align 16 %33 = mul nuw nsw i64 %23, 1000 %34 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 
0, i32 1 store i64 %33, i64* %34, align 8 %35 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 %36 = load i64, i64* %35, align 16 %37 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 0 store i64 %36, i64* %37, align 16 %38 = mul nuw nsw i64 %27, 1000 %39 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 1 store i64 %38, i64* %39, align 8 br label %40 %41 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0 %42 = select i1 %16, %struct.anon.48* null, %struct.anon.48* %41 %43 = call i64 @do_utimes(i32 %12, i8* %13, %struct.anon.48* %42, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_futimesat ------------- Path:  Function:__x64_sys_futimesat %2 = alloca [2 x %struct.anon.48], align 16 %3 = alloca [2 x %struct.anon.48], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %5 to i32 %12 = bitcast [2 x %struct.anon.48]* %2 to i8* %13 = bitcast [2 x %struct.anon.48]* %3 to i8* %14 = icmp eq i64 %10, 0 br i1 %14, label %38, label %15 %16 = inttoptr i64 %10 to i8* %17 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %16, i64 32) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %42 %20 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp ugt i64 %21, 999999 br i1 %22, label %42, label %23 %24 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %25 = load i64, i64* %24, align 8 %26 = icmp ugt i64 %25, 999999 br i1 
%26, label %42, label %27 %28 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 %29 = load i64, i64* %28, align 16 %30 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 0 store i64 %29, i64* %30, align 16 %31 = mul nuw nsw i64 %21, 1000 %32 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0, i32 1 store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 %34 = load i64, i64* %33, align 16 %35 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 0 store i64 %34, i64* %35, align 16 %36 = mul nuw nsw i64 %25, 1000 %37 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 1, i32 1 store i64 %36, i64* %37, align 8 br label %38 %39 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %3, i64 0, i64 0 %40 = select i1 %14, %struct.anon.48* null, %struct.anon.48* %39 %41 = call i64 @do_utimes(i32 %11, i8* %8, %struct.anon.48* %40, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utimensat ------------- Path:  Function:__ia32_sys_utimensat %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i8* %15 = inttoptr i64 %10 to %struct.anon.48* %16 = trunc i64 %12 to i32 %17 = bitcast [2 x %struct.anon.48]* %2 to i8* %18 = icmp eq i64 %10, 0 
br i1 %18, label %36, label %19 %20 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %21 = call i32 @get_timespec64(%struct.anon.48* nonnull %20, %struct.anon.48* nonnull %15) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %40 %24 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1 %25 = getelementptr %struct.anon.48, %struct.anon.48* %15, i64 1 %26 = call i32 @get_timespec64(%struct.anon.48* %24, %struct.anon.48* %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %40 %29 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp eq i64 %30, 1073741822 br i1 %31, label %32, label %36 %33 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %34 = load i64, i64* %33, align 8 %35 = icmp eq i64 %34, 1073741822 br i1 %35, label %40, label %36 %37 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %38 = select i1 %18, %struct.anon.48* null, %struct.anon.48* %37 %39 = call i64 @do_utimes(i32 %13, i8* %14, %struct.anon.48* %38, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utimensat ------------- Path:  Function:__x64_sys_utimensat %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = inttoptr i64 %9 to %struct.anon.48* %14 = trunc i64 %11 to i32 %15 = bitcast [2 x %struct.anon.48]* %2 to i8* %16 = icmp eq i64 
%9, 0 br i1 %16, label %34, label %17 %18 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %19 = call i32 @get_timespec64(%struct.anon.48* nonnull %18, %struct.anon.48* nonnull %13) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %38 %22 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1 %23 = getelementptr %struct.anon.48, %struct.anon.48* %13, i64 1 %24 = call i32 @get_timespec64(%struct.anon.48* %22, %struct.anon.48* %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 1073741822 br i1 %29, label %30, label %34 %31 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 1073741822 br i1 %33, label %38, label %34 %35 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %36 = select i1 %16, %struct.anon.48* null, %struct.anon.48* %35 %37 = call i64 @do_utimes(i32 %12, i8* %7, %struct.anon.48* %36, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utime ------------- Path:  Function:__ia32_sys_utime %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to i8* %10 = inttoptr i64 %8 to %struct.anon.48* %11 = bitcast [2 x %struct.anon.48]* %2 to i8* %12 = icmp eq i64 %8, 0 br i1 %12, label %38, label %13 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 0 %16 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64 8, i64 %14) #6, !srcloc !4 %17 = extractvalue { i64*, i64, i64 } %16, 0 %18 = extractvalue { i64*, i64, i64 } %16, 1 %19 = extractvalue { i64*, i64, i64 } %16, 2 %20 = ptrtoint i64* %17 to i64 %21 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 store i64 %18, i64* %21, align 16 %22 = and i64 %20, 4294967295 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %42, !prof !5, !misexpect !6 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 1 %27 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { i64*, i64, i64 } %27, 0 %29 = extractvalue { i64*, i64, i64 } %27, 1 %30 = extractvalue { i64*, i64, i64 } %27, 2 %31 = ptrtoint i64* %28 to i64 %32 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 store i64 %29, i64* %32, align 16 %33 = and i64 %31, 4294967295 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %42, !prof !5, !misexpect !6 %36 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %36, align 8 %37 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %37, align 8 br label %38 %39 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %40 = select i1 %12, %struct.anon.48* null, %struct.anon.48* %39 %41 = call i64 @do_utimes(i32 -100, i8* %9, %struct.anon.48* %40, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utime ------------- Path:  Function:__x64_sys_utime %2 = alloca [2 x %struct.anon.48], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.48* %9 = bitcast [2 x %struct.anon.48]* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %36, label %11 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 %14 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 8, i64 %12) #6, !srcloc !4 %15 = extractvalue { i64*, i64, i64 } %14, 0 %16 = extractvalue { i64*, i64, i64 } %14, 1 %17 = extractvalue { i64*, i64, i64 } %14, 2 %18 = ptrtoint i64* %15 to i64 %19 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 0 store i64 %16, i64* %19, align 16 %20 = and i64 %18, 4294967295 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %40, !prof !5, !misexpect !6 %24 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 %25 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %24, i64 8, i64 %23) #6, !srcloc !7 %26 = extractvalue { i64*, i64, i64 } %25, 0 %27 = extractvalue { i64*, i64, i64 } %25, 1 %28 = extractvalue { i64*, i64, i64 } %25, 2 %29 = ptrtoint i64* %26 to i64 %30 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 0 store i64 %27, i64* %30, align 16 %31 = and i64 %29, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %40, !prof !5, !misexpect !6 %34 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %34, align 8 %35 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %35, align 8 br label %36 %37 = getelementptr inbounds [2 x %struct.anon.48], [2 x %struct.anon.48]* %2, i64 0, i64 0 %38 = select i1 %10, %struct.anon.48* null, %struct.anon.48* %37 %39 = call i64 
@do_utimes(i32 -100, i8* %5, %struct.anon.48* %38, i32 0) #69 ------------- Good: 4 Bad: 12 Ignored: 0 Check Use of Function:do_fchmodat Check Use of Function:tcf_proto_lookup_ops Check Use of Function:do_fchownat Use: =BAD PATH= Call Stack: 0 __ia32_sys_lchown ------------- Path:  Function:__ia32_sys_lchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %10, i32 %11, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_lchown ------------- Path:  Function:__x64_sys_lchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %9, i32 %10, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_chown ------------- Path:  Function:__ia32_sys_chown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = 
tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %10, i32 %11, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_chown ------------- Path:  Function:__x64_sys_chown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %9, i32 %10, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchownat ------------- Path:  Function:__ia32_sys_fchownat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = trunc i64 %8 to i32 %16 = trunc i64 %10 to i32 %17 = trunc i64 %12 to i32 %18 = tail call i32 @do_fchownat(i32 %13, i8* %14, i32 %15, i32 %16, i32 %17) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchownat ------------- Path:  Function:__x64_sys_fchownat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %8 to i32 %15 = trunc i64 %10 to i32 %16 = trunc i64 %12 to i32 %17 = tail call i32 @do_fchownat(i32 %13, i8* %6, i32 %14, i32 %15, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_chown16 ------------- Path:  Function:__x64_sys_chown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i16 %11 = trunc i64 %6 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %8 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %14, i32 %18, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_chown16 ------------- Path:  Function:__ia32_sys_chown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i16 %12 = trunc i64 %6 to i32 %13 = and i32 %12, 65535 %14 = icmp eq i16 %10, -1 %15 = select i1 %14, i32 -1, i32 %13 
%16 = trunc i64 %8 to i32 %17 = and i32 %16, 65535 %18 = icmp eq i16 %11, -1 %19 = select i1 %18, i32 -1, i32 %17 %20 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %15, i32 %19, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_lchown16 ------------- Path:  Function:__x64_sys_lchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i16 %11 = trunc i64 %6 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %8 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %14, i32 %18, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_lchown16 ------------- Path:  Function:__ia32_sys_lchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i16 %12 = trunc i64 %6 to i32 %13 = and i32 %12, 65535 %14 = icmp eq i16 %10, -1 %15 = select i1 %14, i32 -1, i32 %13 %16 = trunc i64 %8 to i32 %17 = and i32 %16, 65535 %18 = icmp eq i16 %11, -1 %19 = select i1 %18, i32 -1, i32 %17 %20 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %15, i32 %19, i32 256) #69 ------------- Good: 3 Bad: 10 Ignored: 0 Check Use of Function:do_mknodat Use: =BAD PATH= Call Stack: 
0 __ia32_sys_mknod ------------- Path:  Function:__ia32_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i32 %12 = tail call i64 @do_mknodat(i32 -100, i8* %9, i16 zeroext %10, i32 %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mknod ------------- Path:  Function:__x64_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i32 %11 = tail call i64 @do_mknodat(i32 -100, i8* %4, i16 zeroext %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_mknodat ------------- Path:  Function:__ia32_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i16 %14 = trunc i64 %10 to i32 %15 = tail call i64 @do_mknodat(i32 %11, i8* %12, i16 zeroext %13, i32 %14) #69 ------------- Use: =BAD PATH= 
Call Stack: 0 __x64_sys_mknodat ------------- Path:  Function:__x64_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i16 %13 = trunc i64 %10 to i32 %14 = tail call i64 @do_mknodat(i32 %11, i8* %6, i16 zeroext %12, i32 %13) #69 ------------- Good: 5 Bad: 4 Ignored: 0 Check Use of Function:proc_tgid_net_lookup Check Use of Function:dm_pr_register Check Use of Function:dev_change_proto_down Check Use of Function:do_sys_ftruncate Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ftruncate ------------- Path:  Function:__ia32_compat_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_ftruncate ------------- Path:  Function:__ia32_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_ftruncate ------------- Path:  Function:__x64_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 @do_sys_ftruncate(i32 %6, i64 %5, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_x86_ftruncate64 ------------- Path:  Function:__ia32_compat_sys_x86_ftruncate64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = shl i64 %8, 32 %11 = or i64 %10, %6 %12 = tail call i64 @do_sys_ftruncate(i32 %9, i64 %11, i32 1) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:ksys_fchown Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchown ------------- Path:  Function:__ia32_sys_fchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @ksys_fchown(i32 %8, i32 %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchown ------------- Path:  Function:__x64_sys_fchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = 
trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @ksys_fchown(i32 %8, i32 %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchown16 ------------- Path:  Function:__x64_sys_fchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i16 %10 = trunc i64 %7 to i16 %11 = trunc i64 %5 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %7 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @ksys_fchown(i32 %8, i32 %14, i32 %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchown16 ------------- Path:  Function:__ia32_sys_fchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i16 %10 = trunc i64 %7 to i16 %11 = trunc i64 %5 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %7 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @ksys_fchown(i32 %8, i32 %14, i32 %18) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:shmem_xattr_handler_get Check Use of Function:dir_add Check Use of Function:drm_master_open Check Use of Function:do_mkdirat Use: =BAD PATH= Call Stack: 0 __ia32_sys_mkdir 
------------- Path:  Function:__ia32_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_mkdirat(i32 -100, i8* %7, i16 zeroext %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mkdir ------------- Path:  Function:__x64_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_mkdirat(i32 -100, i8* %4, i16 zeroext %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_mkdirat ------------- Path:  Function:__ia32_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_mkdirat(i32 %9, i8* %10, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mkdirat ------------- Path:  Function:__x64_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 
%10 = trunc i64 %8 to i16 %11 = tail call i64 @do_mkdirat(i32 %9, i8* %6, i16 zeroext %10) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:maybe_link Check Use of Function:drm_gem_release Check Use of Function:panic Use: =BAD PATH= Call Stack: 0 snd_disconnect_release ------------- Path:  Function:snd_disconnect_release tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @shutdown_lock, i64 0, i32 0, i32 0)) #69 %3 = load i8*, i8** bitcast (%struct.list_head* @shutdown_files to i8**), align 8 %4 = icmp eq i8* %3, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %4, label %28, label %5 %6 = phi i8* [ %26, %24 ], [ %3, %2 ] %7 = getelementptr i8, i8* %6, i64 -16 %8 = bitcast i8* %7 to %struct.file** %9 = load %struct.file*, %struct.file** %8, align 8 %10 = icmp eq %struct.file* %9, %1 br i1 %10, label %11, label %24 %25 = bitcast i8* %6 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %27, label %28, label %5 %29 = phi %struct.snd_monitor_file* [ %12, %11 ], [ null, %2 ], [ null, %24 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @shutdown_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = icmp eq %struct.snd_monitor_file* %29, null br i1 %30, label %50, label %31, !prof !6, !misexpect !7 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.16.53426, i64 0, i64 0), i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_disconnect_release, i64 0, i64 0), %struct.inode* %0, %struct.file* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl 5 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = 
alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void 
(%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, 
%struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, 
i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = 
bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 %30 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %31 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 17 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 %36 = load i32, i32* @system_state, align 4 %37 = add i32 %36, -3 %38 = icmp ult i32 %37, 3 br i1 %38, label %39, label %42 %43 = and i32 %32, 64 %44 = icmp eq i32 %43, 0 br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 45 %47 = load %struct.journal_s.166876*, 
%struct.journal_s.166876** %46, align 16 %48 = icmp eq %struct.journal_s.166876* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.journal_s.166876, %struct.journal_s.166876* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = trunc i64 %51 to i8 %53 = icmp sgt i8 %52, -1 br i1 %53, label %56, label %54 %55 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 28, i64 0 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([47 x i8], [47 x i8]* @.str.296, i64 0, i64 0), i8* %55) #71 ------------- Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 
i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to 
%struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, 
%struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x 
i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = 
bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 %30 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %31 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 17 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 %36 = load i32, i32* @system_state, align 4 %37 = add i32 %36, -3 %38 = icmp ult i32 %37, 3 br i1 %38, label %39, label %42 %43 = and i32 %32, 64 %44 = icmp eq i32 %43, 0 br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %30, i64 0, i32 45 %47 = load %struct.journal_s.166876*, 
%struct.journal_s.166876** %46, align 16 %48 = icmp eq %struct.journal_s.166876* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.journal_s.166876, %struct.journal_s.166876* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = trunc i64 %51 to i8 %53 = icmp sgt i8 %52, -1 br i1 %53, label %56, label %54 %55 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 28, i64 0 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([47 x i8], [47 x i8]* @.str.296, i64 0, i64 0), i8* %55) #71 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = alloca %struct.wait_opts, align 8 %3 = alloca %struct.rusage, align 8 %4 = alloca %struct.ist_info, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %8 to i32 %18 = inttoptr i64 %11 to %struct.compat_siginfo* %19 = trunc i64 %13 to i32 %20 = inttoptr i64 %16 to %struct.compat_rusage* %21 = bitcast %struct.rusage* %3 to i8* %22 = bitcast %struct.ist_info* %4 to i8* %23 = icmp eq i64 %16, 0 %24 = select i1 %23, %struct.rusage* null, %struct.rusage* %3 %25 = bitcast %struct.wait_opts* %2 to i8* %26 = and i32 %19, 520093680 %27 = icmp ne i32 %26, 0 %28 = and i32 %19, 14 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 
br i1 %30, label %40, label %31 %32 = trunc i64 %6 to i32 switch i32 %32, label %40 [ i32 0, label %41 i32 1, label %33 i32 2, label %35 ] %36 = icmp slt i32 %17, 1 br i1 %36, label %40, label %37 %38 = phi i32 [ 0, %33 ], [ 2, %35 ] %39 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %17) #69 br label %41 %42 = phi i32 [ %38, %37 ], [ 4, %31 ] %43 = phi %struct.pid.40929* [ %39, %37 ], [ null, %31 ] %44 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 0 store i32 %42, i32* %44, align 8 %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 2 store %struct.pid.40929* %43, %struct.pid.40929** %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 1 store i32 %19, i32* %46, align 4 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 3 store %struct.ist_info* %4, %struct.ist_info** %47, align 8 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 5 store %struct.rusage* %24, %struct.rusage** %48, align 8 %49 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %2) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null 
br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 
= tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* 
%91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* 
%274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* 
%304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, 
label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, 
i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = 
icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = 
bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, 
%55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* 
%63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, 
!misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, 
align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = 
add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 
%194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = 
add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = 
icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, 
%286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, 
align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, 
%struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 
%10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp 
eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr 
%struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, 
%struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load 
%struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to 
%struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = 
icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 
%154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 
%212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, 
i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void 
(%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, 
i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 
Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_wait4
6 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store
%struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, 
%72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, 
%struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, 
i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load 
i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* 
store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* 
nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint 
%struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = 
getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69
Function:put_cred_rcu
%2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_wait4
6 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, 
label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, 
%struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, 
%struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load 
%struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to 
%struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = 
icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 
%154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 
%212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, 
i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void 
(%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, 
i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 
Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 
store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* 
%32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 
%19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] 
%70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 
0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 
= getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 
store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 
4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* 
%335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 __se_sys_waitid 6 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, 
%struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, 
label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext 
i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, 
label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* 
%169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, 
align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* 
%267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, 
align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 
0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void 
(%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = 
load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail 
call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 __se_sys_waitid 6 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 
%23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr 
%struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, 
%struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load 
%struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to 
%struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = 
icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 
%154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 
%212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, 
i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void 
(%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, 
i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred.39299* nonnull %24) #69 
Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __compat_sys_getsockopt 4 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label 
%37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, 
label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %208 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %209 = load i32, i32* %208, align 8 %210 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %211 = load i32, i32* %210, align 4 %212 = zext i32 %211 to i64 %213 = inttoptr i64 %212 to i8* %214 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 4 %215 = load i32, i32* %214, align 16 %216 = zext i32 %215 to i64 %217 = inttoptr i64 %216 to i32* %218 = call fastcc i32 @__compat_sys_getsockopt(i32 %90, i32 %92, i32 %209, i8* %213, i32* %217) #69 Function:__compat_sys_getsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 %11 = icmp eq %struct.socket.230347* %10, null br i1 %11, label %89, label %12 %13 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %10, i32 %1, i32 %2) #69 store i32 %13, i32* %8, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %86 %16 = icmp eq i32 %1, 1 br i1 %16, label %17, label %74 %18 = and i32 %2, -2 %19 = icmp eq i32 %18, 20 br i1 %19, label %20, label %70 %71 = call i32 @sock_getsockopt(%struct.socket.230347* nonnull %10, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 41, label %344 i32 42, label %351 i32 43, label %361 i32 25, label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast 
%union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = 
icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __compat_sys_getsockopt 4 __ia32_compat_sys_getsockopt ------------- Path:  Function:__ia32_compat_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__compat_sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__compat_sys_getsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 %11 = icmp eq %struct.socket.230347* %10, null br i1 %11, label %89, label %12 %13 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %10, i32 %1, i32 %2) #69 store i32 %13, i32* %8, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %86 %16 = icmp eq i32 %1, 1 br i1 %16, label %17, label %74 %18 = and i32 %2, -2 %19 = icmp eq i32 %18, 20 br 
i1 %19, label %20, label %70 %71 = call i32 @sock_getsockopt(%struct.socket.230347* nonnull %10, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 41, label %344 i32 42, label %351 i32 43, label %361 i32 25, label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 
i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast %union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load 
i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 
%15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __se_sys_socketcall 5 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 
x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %200 = trunc i64 %41 to i32 %201 = trunc i64 %43 to i32 %202 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %203 = load i64, i64* %202, align 16 %204 = trunc i64 %203 to i32 %205 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %206 = bitcast i64* %205 to i8** 
%207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 4 %209 = bitcast i64* %208 to i32** %210 = load i32*, i32** %209, align 16 %211 = call fastcc i32 @__sys_getsockopt(i32 %200, i32 %201, i32 %204, i8* %207, i32* %210) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.230059* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 3 %13 = load %struct.file_operations.230044*, %struct.file_operations.230044** %12, align 8 %14 = icmp eq %struct.file_operations.230044* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.230347** %18 = load %struct.socket.230347*, %struct.socket.230347** %17, align 8 %19 = icmp eq %struct.socket.230347* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.230347* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 41, label %344 i32 42, label %351 i32 43, label %361 i32 25, label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast 
%union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = 
icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __se_sys_socketcall 5 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, 
%struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %200 = trunc i64 %41 to i32 %201 = trunc i64 %43 to i32 %202 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %203 = load i64, i64* %202, align 16 %204 = trunc i64 %203 to i32 %205 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %206 = bitcast i64* %205 to i8** %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 4 %209 = bitcast i64* %208 to i32** %210 = load i32*, i32** %209, align 16 %211 = call fastcc i32 @__sys_getsockopt(i32 %200, i32 %201, i32 %204, i8* %207, i32* %210) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.230059* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 3 %13 = load %struct.file_operations.230044*, %struct.file_operations.230044** %12, align 8 
%14 = icmp eq %struct.file_operations.230044* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.230347** %18 = load %struct.socket.230347*, %struct.socket.230347** %17, align 8 %19 = icmp eq %struct.socket.230347* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.230347* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 
39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 41, label %344 i32 42, label %351 i32 43, label %361 i32 25, label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast %union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr 
inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = 
tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __ia32_sys_getsockopt ------------- Path:  Function:__ia32_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.230059* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 3 %13 = load %struct.file_operations.230044*, %struct.file_operations.230044** %12, align 8 %14 = icmp eq %struct.file_operations.230044* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.230347** %18 = load %struct.socket.230347*, %struct.socket.230347** %17, align 8 %19 = icmp eq %struct.socket.230347* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 
%27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.230347* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 
41, label %344 i32 42, label %351 i32 43, label %361 i32 25, label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast %union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 
br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* 
%9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __x64_sys_getsockopt ------------- Path:  Function:__x64_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to i32** %13 = load i32*, i32** %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = tail call fastcc i32 @__sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %10, i32* %13) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.230059* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 3 %13 = load %struct.file_operations.230044*, %struct.file_operations.230044** %12, align 8 %14 = icmp eq %struct.file_operations.230044* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.230347** %18 = load %struct.socket.230347*, %struct.socket.230347** %17, align 8 %19 = icmp eq %struct.socket.230347* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* 
@security_socket_getsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.230347* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.47, align 8 %8 = alloca %struct.exception_table_entry, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %12 = load %struct.sock.230350*, %struct.sock.230350** %11, align 8 %13 = bitcast %union.anon.47* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %504, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %504, label %25 switch i32 %2, label %504 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %162 i32 37, label %169 i32 20, label %174 i32 21, label %186 i32 18, label %198 i32 19, label %202 i32 16, label %204 i32 17, label %211 i32 59, label %244 i32 28, label %300 i32 30, label %318 i32 34, label %324 i32 31, label %331 i32 36, label %333 i32 40, label %337 i32 41, label %344 i32 42, label %351 i32 43, label %361 i32 25, 
label %368 i32 26, label %394 i32 44, label %398 i32 48, label %405 i32 45, label %407 i32 46, label %414 i32 47, label %418 i32 49, label %422 i32 55, label %426 i32 56, label %461 i32 57, label %467 i32 60, label %472 i32 61, label %479 ] %245 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 53 %246 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %245, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %246) #69 %247 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %12, i64 0, i32 55 %248 = load %struct.cred.230057*, %struct.cred.230057** %247, align 8 %249 = icmp eq %struct.cred.230057* %248, null br i1 %249, label %502, label %250 %251 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 24 %252 = bitcast %union.anon.51* %251 to i32* store i32 0, i32* %252, align 8 %253 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %254 = bitcast %struct.spinlock* %245 to i8* store volatile i8 0, i8* %254, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %255 = getelementptr inbounds %struct.cred.230057, %struct.cred.230057* %248, i64 0, i32 23 %256 = load %struct.group_info*, %struct.group_info** %255, align 8 %257 = getelementptr inbounds %struct.group_info, %struct.group_info* %256, i64 0, i32 1 %258 = load i32, i32* %257, align 4 %259 = shl i64 %17, 32 %260 = ashr exact i64 %259, 32 %261 = sext i32 %258 to i64 %262 = shl nsw i64 %261, 2 %263 = icmp ult i64 %260, %262 %264 = trunc i64 %262 to i32 br i1 %263, label %265, label %274 %275 = bitcast i8* %3 to 
i32* %276 = icmp sgt i32 %258, 0 br i1 %276, label %281, label %292 %282 = phi i64 [ %291, %277 ], [ 0, %274 ] %283 = getelementptr %struct.group_info, %struct.group_info* %256, i64 0, i32 2, i64 %282, i32 0 %284 = load i32, i32* %283, align 4 %285 = icmp eq i32 %284, -1 %286 = load i32, i32* @overflowgid, align 4 %287 = select i1 %285, i32 %286, i32 %284 %288 = getelementptr i32, i32* %275, i64 %282 %289 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %287, i32* %288) #6, !srcloc !16 %290 = icmp eq i32 %289, 0 %291 = add nuw nsw i64 %282, 1 br i1 %290, label %277, label %292, !prof !5, !misexpect !6 %293 = phi i1 [ true, %274 ], [ true, %277 ], [ false, %281 ] %294 = phi i32 [ 0, %274 ], [ 0, %277 ], [ -14, %281 ] %295 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %253, i32* %253) #6, !srcloc !14 %296 = and i8 %295, 1 %297 = icmp eq i8 %296, 0 br i1 %297, label %299, label %298 tail call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.230057*)*)(%struct.cred.230057* nonnull %248) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect 
!5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.227395, align 8 %5 = bitcast %struct.keyring_search_context.227395* %4 to i8* %6 = tail call 
%struct.task_struct.202369* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.202369** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.202369**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.202369, %struct.task_struct.202369* %6, i64 0, i32 78 %8 = getelementptr inbounds %struct.keyring_search_context.227395, %struct.keyring_search_context.227395* %4, i64 0, i32 1 %9 = and i64 %1, 1 %10 = icmp eq i64 %9, 0 br label %11 %12 = load %struct.cred.201836*, %struct.cred.201836** %7, align 16 %13 = icmp eq %struct.cred.201836* %12, null br i1 %13, label %18, label %14 store %struct.cred.201836* %12, %struct.cred.201836** %8, align 8 switch i32 %0, label %242 [ i32 -1, label %19 i32 -2, label %58 i32 -3, label %97 i32 -4, label %168 i32 -5, label %187 i32 -6, label %297 i32 -7, label %206 i32 -8, label %215 ] %298 = phi %struct.cred.201836* [ %296, %294 ], [ %12, %206 ], [ %12, %215 ], [ %12, %242 ], [ %12, %18 ] %299 = phi %struct.__key_reference_with_attributes* [ %295, %294 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %206 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %215 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %242 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %18 ] %300 = icmp eq %struct.cred.201836* %298, null br i1 %300, label %307, label %301 %302 = getelementptr inbounds %struct.cred.201836, %struct.cred.201836* %298, i64 0, i32 0, i32 0 %303 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %302, i32* %302) #6, !srcloc !11 %304 = and i8 %303, 1 %305 = icmp eq i8 %304, 0 br i1 %305, label %307, label %306 call void bitcast (void (%struct.cred.39299*)* @__put_cred to void 
(%struct.cred.201836*)*)(%struct.cred.201836* nonnull %298) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 
@bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.227395, align 8 %5 = bitcast %struct.keyring_search_context.227395* %4 to i8* %6 = tail call %struct.task_struct.202369* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.202369** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.202369**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.202369, %struct.task_struct.202369* %6, i64 0, i32 78 %8 = getelementptr inbounds %struct.keyring_search_context.227395, %struct.keyring_search_context.227395* %4, i64 0, i32 1 %9 = and i64 %1, 1 %10 = icmp eq i64 %9, 0 br label %11 %12 = load %struct.cred.201836*, %struct.cred.201836** %7, align 16 %13 = icmp eq %struct.cred.201836* %12, null br i1 %13, label %18, label %14 store %struct.cred.201836* %12, %struct.cred.201836** %8, align 8 switch i32 %0, label %242 [ i32 -1, label %19 i32 -2, label %58 i32 -3, label %97 i32 -4, label %168 i32 -5, label %187 i32 -6, label %297 i32 -7, label %206 i32 -8, label %215 ] %298 = phi %struct.cred.201836* [ %296, %294 ], [ %12, %206 ], [ %12, %215 ], [ %12, %242 ], [ %12, %18 ] %299 = phi %struct.__key_reference_with_attributes* [ %295, %294 ], [ inttoptr (i64 -126 to 
%struct.__key_reference_with_attributes*), %206 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %215 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %242 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %18 ] %300 = icmp eq %struct.cred.201836* %298, null br i1 %300, label %307, label %301 %302 = getelementptr inbounds %struct.cred.201836, %struct.cred.201836* %298, i64 0, i32 0, i32 0 %303 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %302, i32* %302) #6, !srcloc !11 %304 = and i8 %303, 1 %305 = icmp eq i8 %304, 0 br i1 %305, label %307, label %306 call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.201836*)*)(%struct.cred.201836* nonnull %298) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* 
%0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_get_keyring_ID 4 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, 
label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %23 = tail call i64 @keyctl_get_keyring_ID(i32 %18, i32 %19) #69 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 8) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.227395, align 8 %5 = bitcast %struct.keyring_search_context.227395* %4 to i8* %6 = tail call %struct.task_struct.202369* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.202369** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.202369**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.202369, %struct.task_struct.202369* %6, i64 0, i32 78 %8 = getelementptr inbounds %struct.keyring_search_context.227395, %struct.keyring_search_context.227395* %4, i64 0, i32 1 %9 = and i64 %1, 1 %10 = icmp eq i64 %9, 0 br label %11 %12 = load %struct.cred.201836*, %struct.cred.201836** %7, align 16 %13 = icmp eq %struct.cred.201836* %12, null br i1 %13, label %18, label %14 store %struct.cred.201836* %12, %struct.cred.201836** %8, align 8 switch i32 %0, label %242 [ i32 -1, label %19 i32 -2, label %58 i32 -3, label %97 i32 -4, label %168 i32 -5, label %187 i32 -6, label %297 i32 -7, label %206 i32 -8, label %215 ] %298 = phi %struct.cred.201836* [ %296, %294 ], [ %12, %206 ], [ %12, %215 ], [ %12, %242 ], [ %12, %18 ] %299 = phi %struct.__key_reference_with_attributes* [ %295, %294 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %206 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %215 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %242 ], [ inttoptr (i64 -22 to 
%struct.__key_reference_with_attributes*), %18 ] %300 = icmp eq %struct.cred.201836* %298, null br i1 %300, label %307, label %301 %302 = getelementptr inbounds %struct.cred.201836, %struct.cred.201836* %298, i64 0, i32 0, i32 0 %303 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %302, i32* %302) #6, !srcloc !11 %304 = and i8 %303, 1 %305 = icmp eq i8 %304, 0 br i1 %305, label %307, label %306 call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.201836*)*)(%struct.cred.201836* nonnull %298) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail 
call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, 
label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 6291648, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.227395, align 8 %5 = bitcast %struct.keyring_search_context.227395* %4 to i8* %6 = tail call %struct.task_struct.202369* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.202369** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.202369**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.202369, %struct.task_struct.202369* %6, i64 0, i32 78 %8 = getelementptr inbounds %struct.keyring_search_context.227395, %struct.keyring_search_context.227395* %4, i64 0, i32 1 %9 = and i64 %1, 1 %10 = icmp eq i64 %9, 0 br label %11 %12 = load %struct.cred.201836*, %struct.cred.201836** %7, align 16 %13 = icmp eq %struct.cred.201836* %12, null br i1 %13, label %18, label %14 store %struct.cred.201836* %12, %struct.cred.201836** %8, align 8 switch i32 %0, label %242 [ i32 -1, label %19 i32 -2, label %58 i32 -3, label %97 i32 -4, label %168 i32 -5, label %187 i32 -6, label %297 i32 -7, label %206 i32 -8, label %215 ] %298 = phi %struct.cred.201836* [ %296, %294 ], [ %12, %206 ], [ %12, %215 ], [ 
%12, %242 ], [ %12, %18 ] %299 = phi %struct.__key_reference_with_attributes* [ %295, %294 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %206 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %215 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %242 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %18 ] %300 = icmp eq %struct.cred.201836* %298, null br i1 %300, label %307, label %301 %302 = getelementptr inbounds %struct.cred.201836, %struct.cred.201836* %298, i64 0, i32 0, i32 0 %303 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %302, i32* %302) #6, !srcloc !11 %304 = and i8 %303, 1 %305 = icmp eq i8 %304, 0 br i1 %305, label %307, label %306 call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.201836*)*)(%struct.cred.201836* nonnull %298) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, 
label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 
i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 6291648, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.227395, align 8 %5 = bitcast %struct.keyring_search_context.227395* %4 to i8* %6 = tail call %struct.task_struct.202369* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.202369** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.202369**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.202369, %struct.task_struct.202369* %6, i64 0, i32 78 %8 = getelementptr inbounds %struct.keyring_search_context.227395, %struct.keyring_search_context.227395* %4, i64 0, i32 1 %9 = and i64 %1, 1 %10 = icmp eq i64 %9, 0 br label %11 %12 = load %struct.cred.201836*, %struct.cred.201836** %7, align 16 %13 = icmp eq %struct.cred.201836* %12, null br i1 %13, label %18, label %14 store %struct.cred.201836* %12, %struct.cred.201836** %8, align 8 switch i32 %0, label %242 [ i32 -1, label %19 i32 -2, label %58 i32 -3, 
label %97 i32 -4, label %168 i32 -5, label %187 i32 -6, label %297 i32 -7, label %206 i32 -8, label %215 ] %298 = phi %struct.cred.201836* [ %296, %294 ], [ %12, %206 ], [ %12, %215 ], [ %12, %242 ], [ %12, %18 ] %299 = phi %struct.__key_reference_with_attributes* [ %295, %294 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %206 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %215 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %242 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %18 ] %300 = icmp eq %struct.cred.201836* %298, null br i1 %300, label %307, label %301 %302 = getelementptr inbounds %struct.cred.201836, %struct.cred.201836* %298, i64 0, i32 0, i32 0 %303 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %302, i32* %302) #6, !srcloc !11 %304 = and i8 %303, 1 %305 = icmp eq i8 %304, 0 br i1 %305, label %307, label %306 call void bitcast (void (%struct.cred.39299*)* @__put_cred to void (%struct.cred.201836*)*)(%struct.cred.201836* nonnull %298) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 78 %9 = load %struct.cred.39299*, %struct.cred.39299** %8, align 16 %10 = icmp eq %struct.cred.39299* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %7, i64 0, i32 77 %14 = load %struct.cred.39299*, %struct.cred.39299** %13, align 8 %15 = icmp eq %struct.cred.39299* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %0, i64 0, i32 24 %19 = bitcast %union.anon.51* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.51, %union.anon.51* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 revert_creds 2 nfs_idmap_get_key 3 nfs_map_name_to_uid 4 decode_getfattr_attrs 5 nfs4_decode_dirent ------------- Path:  Function:nfs4_decode_dirent %4 = alloca [3 x i32], align 4 %5 = bitcast [3 x i32]* %4 to i8* %6 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %7 = icmp eq i32* %6, null br i1 %7, label %120, label %8, !prof !4, !misexpect !5 %9 = load i32, i32* %6, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %19 %20 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 12) #69 %21 = icmp eq i32* %20, null br i1 %21, label %120, label %22, !prof !4, !misexpect !5 %23 = bitcast i32* %20 to i64* %24 = load i64, i64* %23, align 8 %25 = tail call i64 asm "bswapq $0", 
"=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %24) #10, !srcloc !6 %26 = getelementptr i32, i32* %20, i64 2 %27 = load i32, i32* %26, align 4 %28 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %27) #10, !srcloc !7 %29 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 4 store i32 %28, i32* %29, align 8 %30 = zext i32 %28 to i64 %31 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %30) #69 %32 = icmp eq i32* %31, null br i1 %32, label %120, label %33, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 3 %35 = bitcast i8** %34 to i32** store i32* %31, i32** %35, align 8 %36 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 0 store i64 1, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 7 %38 = load %struct.nfs_fattr*, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %38, i64 0, i32 0 store i32 0, i32* %39, align 8 %40 = getelementptr inbounds [3 x i32], [3 x i32]* %4, i64 0, i64 0 %41 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %42 = icmp eq i32* %41, null br i1 %42, label %120, label %43, !prof !4, !misexpect !5 %44 = load i32, i32* %41, align 4 %45 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %44) #10, !srcloc !7 %46 = zext i32 %45 to i64 %47 = shl nuw nsw i64 %46, 2 %48 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %47) #69 %49 = icmp eq i32* %48, null br i1 %49, label %120, label %50, !prof !4, !misexpect !5 %51 = icmp ugt i32 %45, 3 br i1 %51, 
label %59, label %52 %53 = icmp eq i32 %45, 3 br i1 %53, label %59, label %54 %55 = getelementptr [3 x i32], [3 x i32]* %4, i64 0, i64 %46 %56 = bitcast i32* %55 to i8* %57 = sub nsw i64 12, %47 %58 = icmp eq i32 %45, 0 br i1 %58, label %76, label %59 %60 = phi i64 [ %46, %54 ], [ 3, %52 ], [ -90, %50 ] %61 = phi i64 [ %46, %54 ], [ 3, %52 ], [ 3, %50 ] br label %62 %63 = phi i32* [ %68, %62 ], [ %48, %59 ] %64 = phi i64 [ %70, %62 ], [ %61, %59 ] %65 = phi i32* [ %69, %62 ], [ %40, %59 ] %66 = load i32, i32* %63, align 4 %67 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %66) #10, !srcloc !7 store i32 %67, i32* %65, align 4 %68 = getelementptr i32, i32* %63, i64 1 %69 = getelementptr i32, i32* %65, i64 1 %70 = add nsw i64 %64, -1 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %62 %73 = icmp sgt i64 %60, -1 %74 = icmp eq i64 %60, -90 %75 = or i1 %73, %74 br i1 %75, label %76, label %120, !prof !8, !misexpect !9 %77 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %78 = icmp eq i32* %77, null br i1 %78, label %120, label %79, !prof !4, !misexpect !5 %80 = tail call i32 bitcast (i32 (%struct.xdr_stream.729138*)* @xdr_stream_pos to i32 (%struct.xdr_stream*)*)(%struct.xdr_stream* %0) #69 %81 = load %struct.nfs_fattr*, %struct.nfs_fattr** %37, align 8 %82 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 6 %83 = load %struct.nfs_fh*, %struct.nfs_fh** %82, align 8 %84 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 8 %85 = load %struct.nfs4_label*, %struct.nfs4_label** %84, align 8 %86 = getelementptr inbounds %struct.nfs_entry.197932, %struct.nfs_entry.197932* %1, i64 0, i32 10 %87 = load %struct.nfs_server.197931*, %struct.nfs_server.197931** %86, align 8 %88 = call fastcc i32 @decode_getfattr_attrs(%struct.xdr_stream* %0, i32* nonnull %40, 
%struct.nfs_fattr* %81, %struct.nfs_fh* %83, %struct.nfs4_fs_locations.197920* null, %struct.nfs4_label* %85, %struct.nfs_server.197931* %87) #70 Function:decode_getfattr_attrs %8 = alloca [3 x i32], align 4 %9 = load i32, i32* %1, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %824, !prof !4, !misexpect !5 %13 = and i32 %9, 2 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17, !prof !6, !misexpect !7 %16 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 1 store i16 0, i16* %16, align 4 br label %35 %36 = phi i16* [ %16, %15 ], [ %28, %25 ] %37 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 14 store i64 0, i64* %37, align 8 %38 = load i32, i32* %1, align 4 %39 = and i32 %38, 7 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %824, !prof !4, !misexpect !5 %42 = and i32 %38, 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %53, label %44, !prof !6, !misexpect !7 %45 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 8) #69 %46 = icmp eq i32* %45, null br i1 %46, label %824, label %47, !prof !6, !misexpect !5 %48 = bitcast i32* %45 to i64* %49 = load i64, i64* %48, align 8 %50 = tail call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %49) #10, !srcloc !9 store i64 %50, i64* %37, align 8 %51 = load i32, i32* %1, align 4 %52 = and i32 %51, -9 store i32 %52, i32* %1, align 4 br label %53 %54 = phi i32 [ 131072, %47 ], [ 0, %41 ] %55 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %56 = load i32, i32* %55, align 8 %57 = or i32 %56, %54 store i32 %57, i32* %55, align 8 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 6 store i64 0, i64* %58, align 8 %59 = load i32, i32* %1, align 4 %60 = and i32 %59, 15 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %824, !prof !4, !misexpect !5 %63 = and i32 
%59, 16 %64 = icmp eq i32 %63, 0 br i1 %64, label %75, label %65, !prof !6, !misexpect !7 %66 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 8) #69 %67 = icmp eq i32* %66, null br i1 %67, label %824, label %68, !prof !6, !misexpect !5 %69 = bitcast i32* %66 to i64* %70 = load i64, i64* %69, align 8 %71 = tail call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %70) #10, !srcloc !9 store i64 %71, i64* %58, align 8 %72 = load i32, i32* %1, align 4 %73 = and i32 %72, -17 store i32 %73, i32* %1, align 4 %74 = load i32, i32* %55, align 8 br label %75 %76 = phi i32 [ %74, %68 ], [ %57, %62 ] %77 = phi i32 [ 64, %68 ], [ 0, %62 ] %78 = or i32 %76, %77 store i32 %78, i32* %55, align 8 %79 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 8 %80 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %79, i64 0, i32 0 %81 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 8, i32 1 %82 = bitcast %struct.anon.48* %79 to i8* %83 = load i32, i32* %1, align 4 %84 = and i32 %83, 255 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %824, !prof !4, !misexpect !5 %87 = and i32 %83, 256 %88 = icmp eq i32 %87, 0 br i1 %88, label %103, label %89, !prof !6, !misexpect !7 %90 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 16) #69 %91 = icmp eq i32* %90, null br i1 %91, label %824, label %92, !prof !6, !misexpect !5 %93 = bitcast i32* %90 to i64* %94 = load i64, i64* %93, align 8 %95 = tail call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %94) #10, !srcloc !9 store i64 %95, i64* %80, align 8 %96 = getelementptr i32, i32* %90, i64 2 %97 = bitcast i32* %96 to i64* %98 = load i64, i64* %97, align 8 %99 = tail call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %98) #10, !srcloc !9 store 
i64 %99, i64* %81, align 8 %100 = load i32, i32* %1, align 4 %101 = and i32 %100, -257 store i32 %101, i32* %1, align 4 %102 = load i32, i32* %55, align 8 br label %103 %104 = phi i32 [ %102, %92 ], [ %78, %86 ] %105 = phi i32 [ 1024, %92 ], [ 0, %86 ] %106 = or i32 %104, %105 store i32 %106, i32* %55, align 8 %107 = load i32, i32* %1, align 4 %108 = and i32 %107, 2047 %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %824, !prof !4, !misexpect !5 %111 = and i32 %107, 2048 %112 = icmp eq i32 %111, 0 br i1 %112, label %119, label %113, !prof !6, !misexpect !7 %114 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %115 = icmp eq i32* %114, null br i1 %115, label %824, label %116, !prof !6, !misexpect !5 %117 = load i32, i32* %1, align 4 %118 = and i32 %117, -2049 store i32 %118, i32* %1, align 4 br label %119 %120 = phi i32 [ %118, %116 ], [ %107, %110 ] %121 = icmp eq %struct.nfs_fh* %3, null br i1 %121, label %125, label %122 %123 = bitcast %struct.nfs_fh* %3 to i8* %124 = load i32, i32* %1, align 4 br label %125 %126 = phi i32 [ %124, %122 ], [ %120, %119 ] %127 = and i32 %126, 524287 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %824, !prof !4, !misexpect !5 %130 = and i32 %126, 524288 %131 = icmp eq i32 %130, 0 br i1 %131, label %152, label %132, !prof !6, !misexpect !7 %133 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %134 = icmp eq i32* %133, null br i1 %134, label %824, label %135, !prof !6, !misexpect !5 %136 = load i32, i32* %133, align 4 %137 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %136) #10, !srcloc !8 %138 = icmp sgt i32 %137, 128 br i1 %138, label %824, label %139 %140 = sext i32 %137 to i64 %141 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* 
(%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %140) #69 %142 = icmp eq i32* %141, null br i1 %142, label %824, label %143, !prof !6, !misexpect !5 br i1 %121, label %149, label %144 %145 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %3, i64 0, i32 1, i64 0 %146 = bitcast i32* %141 to i8* %147 = trunc i32 %137 to i16 %148 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %3, i64 0, i32 0 store i16 %147, i16* %148, align 2 br label %149 %150 = load i32, i32* %1, align 4 %151 = and i32 %150, -524289 store i32 %151, i32* %1, align 4 br label %152 %153 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 9 store i64 0, i64* %153, align 8 %154 = load i32, i32* %1, align 4 %155 = and i32 %154, 1048575 %156 = icmp eq i32 %155, 0 br i1 %156, label %157, label %824, !prof !4, !misexpect !5 %158 = and i32 %154, 1048576 %159 = icmp eq i32 %158, 0 br i1 %159, label %169, label %160, !prof !6, !misexpect !7 %161 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 8) #69 %162 = icmp eq i32* %161, null br i1 %162, label %824, label %163, !prof !6, !misexpect !5 %164 = bitcast i32* %161 to i64* %165 = load i64, i64* %164, align 8 %166 = tail call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %165) #10, !srcloc !9 store i64 %166, i64* %153, align 8 %167 = load i32, i32* %1, align 4 %168 = and i32 %167, -1048577 store i32 %168, i32* %1, align 4 br label %169 %170 = phi i32 [ 2048, %163 ], [ 0, %157 ] %171 = load i32, i32* %55, align 8 %172 = or i32 %171, %170 store i32 %172, i32* %55, align 8 %173 = load i32, i32* %1, align 4 %174 = and i32 %173, 16777215 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %824, !prof !4, !misexpect !5 %177 = and i32 %173, 16777216 %178 = icmp eq i32 %177, 0 br i1 %178, label %331, label %179, !prof !6, !misexpect !5 %180 = and i32 %173, -16777217 store i32 %180, i32* %1, align 4 
%181 = icmp eq %struct.nfs4_fs_locations.197920* %4, null br i1 %181, label %824, label %182, !prof !6, !misexpect !5 %183 = getelementptr inbounds %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 2 %184 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %185 = icmp eq i32* %184, null br i1 %185, label %824, label %186, !prof !6, !misexpect !5 %187 = load i32, i32* %184, align 4 %188 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %187) #10, !srcloc !8 %189 = icmp eq i32 %188, 0 br i1 %189, label %217, label %190 %191 = icmp ugt i32 %188, 512 br i1 %191, label %824, label %192 %193 = getelementptr inbounds %struct.nfs4_pathname, %struct.nfs4_pathname* %183, i64 0, i32 0 store i32 0, i32* %193, align 8 br label %194 %195 = phi i32 [ %215, %213 ], [ 0, %192 ] %196 = zext i32 %195 to i64 %197 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 2, i32 1, i64 %196, i32 0 %198 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 2, i32 1, i64 %196, i32 1 store i8* null, i8** %198, align 8 %199 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %200 = icmp eq i32* %199, null br i1 %200, label %824, label %201, !prof !6, !misexpect !5 %202 = load i32, i32* %199, align 4 %203 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %202) #10, !srcloc !8 %204 = icmp eq i32 %203, 0 br i1 %204, label %213, label %205 %206 = zext i32 %203 to i64 %207 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %206) #69 %208 = icmp eq i32* %207, null %209 = icmp ugt i32 %203, 1024 %210 = or i1 %209, %208 br i1 %210, 
label %824, label %211, !prof !10, !misexpect !5 %212 = bitcast i8** %198 to i32** store i32* %207, i32** %212, align 8 br label %213 store i32 %203, i32* %197, align 4 %214 = load i32, i32* %193, align 8 %215 = add i32 %214, 1 store i32 %215, i32* %193, align 8 %216 = icmp ult i32 %215, %188 br i1 %216, label %194, label %221 %222 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %223 = icmp eq i32* %222, null br i1 %223, label %824, label %224, !prof !6, !misexpect !5 %225 = load i32, i32* %222, align 4 %226 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %225) #10, !srcloc !8 %227 = getelementptr inbounds %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 3 store i32 0, i32* %227, align 8 %228 = icmp slt i32 %226, 1 br i1 %228, label %331, label %229 %230 = phi i32 [ %324, %322 ], [ 0, %224 ] %231 = sext i32 %230 to i64 %232 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %233 = icmp eq i32* %232, null br i1 %233, label %824, label %234, !prof !6, !misexpect !5 %235 = load i32, i32* %232, align 4 %236 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %235) #10, !srcloc !8 %237 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 0 store i32 0, i32* %237, align 8 %238 = icmp eq i32 %236, 0 br i1 %238, label %283, label %239 %240 = phi i32 [ %281, %279 ], [ 0, %234 ] %241 = icmp eq i32 %240, 10 br i1 %241, label %242, label %261 %262 = zext i32 %240 to i64 %263 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 1, i64 %262, i32 0 %264 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 
1, i64 %262, i32 1 store i8* null, i8** %264, align 8 %265 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %266 = icmp eq i32* %265, null br i1 %266, label %824, label %267, !prof !6, !misexpect !5 %268 = load i32, i32* %265, align 4 %269 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %268) #10, !srcloc !8 %270 = icmp eq i32 %269, 0 br i1 %270, label %279, label %271 %272 = zext i32 %269 to i64 %273 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %272) #69 %274 = icmp eq i32* %273, null %275 = icmp ugt i32 %269, 1024 %276 = or i1 %275, %274 br i1 %276, label %824, label %277, !prof !10, !misexpect !5 %278 = bitcast i8** %264 to i32** store i32* %273, i32** %278, align 8 br label %279 store i32 %269, i32* %263, align 4 %280 = load i32, i32* %237, align 8 %281 = add i32 %280, 1 store i32 %281, i32* %237, align 8 %282 = icmp ult i32 %281, %236 br i1 %282, label %239, label %283 %284 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 2 %285 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %286 = icmp eq i32* %285, null br i1 %286, label %824, label %287, !prof !6, !misexpect !5 %288 = load i32, i32* %285, align 4 %289 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %288) #10, !srcloc !8 %290 = icmp eq i32 %289, 0 br i1 %290, label %318, label %291 %292 = icmp ugt i32 %289, 512 br i1 %292, label %824, label %293 %294 = getelementptr inbounds %struct.nfs4_pathname, %struct.nfs4_pathname* %284, i64 0, i32 0 store i32 0, i32* %294, align 8 br label %295 %296 = phi i32 [ %316, %314 ], [ 0, %293 ] %297 = zext i32 %296 to i64 %298 = getelementptr 
%struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 2, i32 1, i64 %297, i32 0 %299 = getelementptr %struct.nfs4_fs_locations.197920, %struct.nfs4_fs_locations.197920* %4, i64 0, i32 4, i64 %231, i32 2, i32 1, i64 %297, i32 1 store i8* null, i8** %299, align 8 %300 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %301 = icmp eq i32* %300, null br i1 %301, label %824, label %302, !prof !6, !misexpect !5 %303 = load i32, i32* %300, align 4 %304 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %303) #10, !srcloc !8 %305 = icmp eq i32 %304, 0 br i1 %305, label %314, label %306 %307 = zext i32 %304 to i64 %308 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %307) #69 %309 = icmp eq i32* %308, null %310 = icmp ugt i32 %304, 1024 %311 = or i1 %310, %309 br i1 %311, label %824, label %312, !prof !10, !misexpect !5 %313 = bitcast i8** %299 to i32** store i32* %308, i32** %313, align 8 br label %314 store i32 %304, i32* %298, align 4 %315 = load i32, i32* %294, align 8 %316 = add i32 %315, 1 store i32 %316, i32* %294, align 8 %317 = icmp ult i32 %316, %289 br i1 %317, label %295, label %322 %323 = load i32, i32* %227, align 8 %324 = add i32 %323, 1 store i32 %324, i32* %227, align 8 %325 = icmp sge i32 %324, %226 %326 = icmp eq i32 %324, 10 %327 = or i1 %325, %326 br i1 %327, label %328, label %229 %329 = icmp eq i32 %324, 0 %330 = select i1 %329, i32 0, i32 524288 br label %331 %332 = phi i32 [ %330, %328 ], [ 0, %224 ], [ 0, %176 ] %333 = load i32, i32* %55, align 8 %334 = or i32 %333, %332 store i32 %334, i32* %55, align 8 %335 = load i32, i32* %1, align 4 %336 = icmp eq i32 %335, 0 br i1 %336, label %337, label %824, !prof !4, !misexpect !5 %338 = getelementptr i32, i32* %1, i64 1 %339 = load 
i32, i32* %338, align 4 %340 = and i32 %339, 1 %341 = icmp eq i32 %340, 0 br i1 %341, label %342, label %824, !prof !4, !misexpect !5 %343 = and i32 %339, 2 %344 = icmp eq i32 %343, 0 br i1 %344, label %359, label %345, !prof !6, !misexpect !7 %360 = phi i32 [ %334, %342 ], [ %358, %348 ] %361 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 2 store i32 1, i32* %361, align 4 %362 = load i32, i32* %338, align 4 %363 = and i32 %362, 7 %364 = icmp eq i32 %363, 0 br i1 %364, label %365, label %824, !prof !4, !misexpect !5 %366 = and i32 %362, 8 %367 = icmp eq i32 %366, 0 br i1 %367, label %377, label %368, !prof !6, !misexpect !7 %369 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %370 = icmp eq i32* %369, null br i1 %370, label %824, label %371, !prof !6, !misexpect !5 %372 = load i32, i32* %369, align 4 %373 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %372) #10, !srcloc !8 store i32 %373, i32* %361, align 4 %374 = load i32, i32* %338, align 4 %375 = and i32 %374, -9 store i32 %375, i32* %338, align 4 %376 = load i32, i32* %55, align 8 br label %377 %378 = phi i32 [ %376, %371 ], [ %360, %365 ] %379 = phi i32 [ 4, %371 ], [ 0, %365 ] %380 = or i32 %378, %379 store i32 %380, i32* %55, align 8 %381 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 3 %382 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 21 %383 = load %struct.anon.102.5387*, %struct.anon.102.5387** %382, align 8 %384 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %381, i64 0, i32 0 store i32 -2, i32* %384, align 4 %385 = load i32, i32* %338, align 4 %386 = zext i32 %385 to i64 %387 = and i64 %386, 15 %388 = icmp eq i64 %387, 0 br i1 %388, label %389, label %824, !prof !4, !misexpect !5 %390 = and i64 %386, 16 %391 = icmp eq i64 %390, 0 br i1 %391, label %423, label %392 %393 
= and i32 %385, -17 store i32 %393, i32* %338, align 4 %394 = icmp eq %struct.anon.102.5387* %383, null br i1 %394, label %403, label %395 %404 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 4) #69 %405 = icmp eq i32* %404, null br i1 %405, label %824, label %406, !prof !6, !misexpect !5 %407 = load i32, i32* %404, align 4 %408 = tail call i32 asm "bswapl $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i32 %407) #10, !srcloc !8 %409 = icmp eq i32 %408, 0 br i1 %409, label %420, label %410 %411 = zext i32 %408 to i64 %412 = tail call i32* bitcast (i32* (%struct.xdr_stream.729138*, i64)* @xdr_inline_decode to i32* (%struct.xdr_stream*, i64)*)(%struct.xdr_stream* %0, i64 %411) #69 %413 = icmp eq i32* %412, null br i1 %413, label %824, label %414, !prof !6, !misexpect !5 %415 = icmp ugt i32 %408, 1024 br i1 %415, label %423, label %416, !prof !6, !misexpect !5 %417 = bitcast i32* %412 to i8* %418 = tail call i32 bitcast (i32 (%struct.nfs_server.202492*, i8*, i64, %struct.kuid_t*)* @nfs_map_name_to_uid to i32 (%struct.nfs_server.197931*, i8*, i64, %struct.kuid_t*)*)(%struct.nfs_server.197931* %6, i8* nonnull %417, i64 %411, %struct.kuid_t* %381) #69 Function:nfs_map_name_to_uid %5 = alloca [11 x i8], align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.nfs_server.202492, %struct.nfs_server.202492* %0, i64 0, i32 0 %10 = load %struct.nfs_client.202487*, %struct.nfs_client.202487** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.202487, %struct.nfs_client.202487* %10, i64 0, i32 26 %12 = load %struct.idmap*, %struct.idmap** %11, align 8 %13 = bitcast i64* %7 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %15 = tail call i8* @memchr(i8* %1, i32 64, i64 %2) #69 %16 = icmp ne i8* %15, null %17 = icmp ugt i64 %2, 15 %18 = or i1 %17, %16 br i1 %18, label %25, label %19 %26 
= getelementptr inbounds [11 x i8], [11 x i8]* %5, i64 0, i64 0 %27 = bitcast i64* %6 to i8* %28 = call fastcc i64 @nfs_idmap_get_key(i8* %1, i64 %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.3.19652, i64 0, i64 0), i8* nonnull %26, i64 11, %struct.idmap* %12) #69 Function:nfs_idmap_get_key %7 = load %struct.cred.201836*, %struct.cred.201836** @id_resolver_cache, align 8 %8 = tail call %struct.cred.201836* bitcast (%struct.cred.39299* (%struct.cred.39299*)* @override_creds to %struct.cred.201836* (%struct.cred.201836*)*)(%struct.cred.201836* %7) #69 %9 = tail call i64 @strlen(i8* %2) #69 %10 = add i64 %9, %1 %11 = add i64 %10, 2 %12 = tail call noalias align 8 i8* @__kmalloc(i64 %11, i32 6291648) #69 %13 = icmp eq i8* %12, null br i1 %13, label %19, label %14 %15 = getelementptr i8, i8* %12, i64 %9 %16 = getelementptr i8, i8* %15, i64 1 store i8 58, i8* %15, align 1 %17 = getelementptr i8, i8* %16, i64 %1 store i8 0, i8* %17, align 1 %18 = icmp slt i64 %11, 0 br i1 %18, label %19, label %22 %20 = phi i64 [ %11, %14 ], [ -12, %6 ] %21 = inttoptr i64 %20 to %struct.key.202376* br label %36 %37 = phi %struct.key.202376* [ %21, %19 ], [ %30, %35 ] tail call void bitcast (void (%struct.cred.39299*)* @revert_creds to void (%struct.cred.201836*)*)(%struct.cred.201836* %8) #69 Function:revert_creds %2 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 78 %4 = load %struct.cred.39299*, %struct.cred.39299** %3, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = ptrtoint %struct.cred.39299* %0 to i64 %6 = bitcast %struct.cred.39299** %3 to i64* store volatile i64 %5, i64* %6, align 8 %7 = icmp eq %struct.cred.39299* %4, null br i1 %7, 
label %34, label %8 %9 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %4, i64 0, i32 0, i32 0 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %34, label %13 %14 = load volatile i32, i32* %9, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %17, label %16, !prof !7, !misexpect !8 %18 = load %struct.cred.39299*, %struct.cred.39299** %3, align 16 %19 = icmp eq %struct.cred.39299* %18, %4 br i1 %19, label %20, label %21, !prof !11, !misexpect !8 %22 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 77 %23 = load %struct.cred.39299*, %struct.cred.39299** %22, align 8 %24 = icmp eq %struct.cred.39299* %23, %4 br i1 %24, label %25, label %26, !prof !11, !misexpect !8 %27 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %4, i64 0, i32 24 %28 = bitcast %union.anon.51* %27 to i32* %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 %31 = getelementptr %union.anon.51, %union.anon.51* %27, i64 0, i32 0 br i1 %30, label %33, label %32 tail call void @put_cred_rcu(%struct.callback_head* %31) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.5745, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Good: 781 Bad: 40 Ignored: 579 Check Use of Function:do_symlinkat Use: =BAD PATH= Call Stack: 0 __ia32_sys_symlink ------------- Path:  Function:__ia32_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i64 @do_symlinkat(i8* %8, i32 -100, i8* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_symlink ------------- Path:  Function:__x64_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i64 @do_symlinkat(i8* %4, i32 -100, i8* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_symlinkat ------------- Path:  Function:__ia32_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i8* %13 = tail call i64 @do_symlinkat(i8* %10, i32 %11, i8* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_symlinkat ------------- Path:  Function:__x64_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %6 to i32 %11 = tail call i64 @do_symlinkat(i8* %4, i32 %10, i8* %9) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:vfs_unlink Check Use of Function:vfs_rmdir Check Use of Function:put_css_set_locked Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.82208, %struct.ns_common.82208* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.82422* %4 = icmp eq i32* %2, null br i1 %4, label %10, label %5 %6 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32* nonnull %2) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %10, label %9 tail call void @free_cgroup_ns(%struct.cgroup_namespace.82422* nonnull %3) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 
@refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, 
i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* %32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# 
bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to %struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast %struct.list_head* %85 to i8** %87 = load i8*, i8** 
%86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 = getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void @cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label %90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, %struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = getelementptr inbounds %struct.css_set.81705, 
%struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label %126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 %131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* [ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", 
"i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 %170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* %170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - 
.\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** 
%9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* 
%32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to %struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 
2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast %struct.list_head* %85 to i8** %87 = load i8*, i8** %86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 = getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void @cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label %90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, 
%struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* 
@init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label %126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 %131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* [ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ 
false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 %170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* %170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds 
(%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 
0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 free_cgroup_ns 2 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.82208, %struct.ns_common.82208* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.82422* %4 = icmp eq i32* %2, null br i1 %4, label %10, label %5 %6 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32* nonnull %2) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %10, label %9 tail call void @free_cgroup_ns(%struct.cgroup_namespace.82422* nonnull %3) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 Function:put_css_set_locked 
%2 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 1, i32 0, i32 0 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %140, label %6 %7 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 10 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %13, label %12, !prof !5, !misexpect !6 br label %14 %15 = phi i64 [ %47, %46 ], [ 0, %13 ] %16 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 1 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 0 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %18, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %16, 
align 8 %23 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 0, i64 %15 %24 = load %struct.cgroup_subsys_state.81704*, %struct.cgroup_subsys_state.81704** %23, align 8 %25 = getelementptr inbounds %struct.cgroup_subsys_state.81704, %struct.cgroup_subsys_state.81704* %24, i64 0, i32 7 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %46 %47 = add nuw nsw i64 %15, 1 %48 = icmp eq i64 %47, 4 br i1 %48, label %49, label %14 %50 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12 %51 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12, i32 1 %52 = load %struct.hlist_node**, %struct.hlist_node*** %51, align 8 %53 = icmp eq %struct.hlist_node** %52, null br i1 %53, label %64, label %54 %65 = load i32, i32* @css_set_count, align 4 %66 = add i32 %65, -1 store i32 %66, i32* @css_set_count, align 4 %67 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 13 %68 = bitcast %struct.list_head* %67 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %67, %70 br i1 %71, label %125, label %72 %73 = phi i8* [ %76, %122 ], [ %69, %64 ] %74 = getelementptr i8, i8* %73, i64 -32 %75 = bitcast i8* %73 to i8** %76 = load i8*, i8** %75, align 8 %77 = getelementptr i8, i8* %73, i64 -16 %78 = getelementptr i8, i8* %73, i64 -8 %79 = bitcast i8* %78 to %struct.list_head** %80 = load %struct.list_head*, %struct.list_head** %79, align 8 %81 = bitcast i8* %77 to %struct.list_head** %82 = load %struct.list_head*, %struct.list_head** %81, align 8 %83 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 1 store %struct.list_head* %80, %struct.list_head** %83, align 8 %84 = ptrtoint %struct.list_head* %82 to i64 %85 = bitcast %struct.list_head* %80 to i64* store volatile i64 %84, i64* %85, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %81, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %79, align 8 %86 = getelementptr inbounds i8, i8* %73, i64 8 %87 = bitcast i8* %86 to %struct.list_head** %88 = load %struct.list_head*, %struct.list_head** %87, align 8 %89 = bitcast i8* %73 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 1 store %struct.list_head* %88, %struct.list_head** %91, align 8 %92 = ptrtoint %struct.list_head* %90 to i64 %93 = bitcast %struct.list_head* %88 to i64* store volatile i64 %92, i64* %93, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %89, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %87, align 8 %94 = bitcast i8* %74 to %struct.cgroup.81698** %95 = load %struct.cgroup.81698*, %struct.cgroup.81698** %94, align 8 %96 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 12 %97 = bitcast %struct.cgroup_subsys_state.81704** %96 to %struct.cgroup.81698** %98 = load %struct.cgroup.81698*, %struct.cgroup.81698** %97, align 8 %99 = icmp eq %struct.cgroup.81698* %98, null br i1 %99, label %122, label %100 %101 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 7 %102 = load i32, i32* %101, align 4 %103 = and i32 %102, 1 %104 = icmp eq i32 %103, 0 br i1 %104, label %105, label %122 %106 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %107 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 1 %108 = load volatile i64, 
i64* %107, align 8 %109 = and i64 %108, 3 %110 = icmp eq i64 %109, 0 br i1 %110, label %111, label %113, !prof !5, !misexpect !6 %114 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %106, i64 0, i32 0, i32 0 %115 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %114, i64 1, i64* %114) #6, !srcloc !11 %116 = and i8 %115, 1 %117 = icmp eq i8 %116, 0 br i1 %117, label %121, label %118, !prof !5, !misexpect !6 %119 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 2 %120 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %119, align 8 tail call void %120(%struct.percpu_ref* %106) #69 br label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %122 tail call void @kfree(i8* %74) #69 %123 = bitcast i8* %76 to %struct.list_head* %124 = icmp eq %struct.list_head* %67, %123 br i1 %124, label %125, label %72 %126 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 2 %127 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 %128 = icmp eq %struct.css_set.81705* %127, %0 br i1 %128, label %138, label %129 %130 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 1 %131 = load %struct.list_head*, %struct.list_head** %130, align 8 %132 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 0 %133 = load %struct.list_head*, %struct.list_head** %132, align 8 %134 = getelementptr inbounds %struct.list_head, %struct.list_head* %133, i64 0, i32 1 store %struct.list_head* %131, %struct.list_head** %134, align 8 %135 = ptrtoint %struct.list_head* %133 to i64 %136 = bitcast %struct.list_head* %131 to i64* store volatile i64 %135, i64* %136, 
align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %132, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %130, align 8 %137 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 tail call void @put_css_set_locked(%struct.css_set.81705* %137) #70 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 free_cgroup_ns 2 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, 
%struct.cgroup_namespace.81706* %10, i64 0, i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* %32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection 
__bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to %struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast 
%struct.list_head* %85 to i8** %87 = load i8*, i8** %86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 = getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void @cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label %90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, %struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = 
getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, 
i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label %126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 %131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* [ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection 
.discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 %170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* %170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 
0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 1, i32 0, i32 0 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code 
e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %140, label %6 %7 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 10 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %13, label %12, !prof !5, !misexpect !6 br label %14 %15 = phi i64 [ %47, %46 ], [ 0, %13 ] %16 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 1 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 0 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %18, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %16, align 8 %23 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 0, i64 %15 %24 = load %struct.cgroup_subsys_state.81704*, %struct.cgroup_subsys_state.81704** %23, align 8 %25 = getelementptr inbounds %struct.cgroup_subsys_state.81704, %struct.cgroup_subsys_state.81704* %24, i64 0, i32 7 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %46 %47 = add nuw nsw i64 %15, 1 %48 = icmp eq i64 %47, 4 br i1 %48, label %49, label %14 %50 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12 %51 = getelementptr 
inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12, i32 1 %52 = load %struct.hlist_node**, %struct.hlist_node*** %51, align 8 %53 = icmp eq %struct.hlist_node** %52, null br i1 %53, label %64, label %54 %65 = load i32, i32* @css_set_count, align 4 %66 = add i32 %65, -1 store i32 %66, i32* @css_set_count, align 4 %67 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 13 %68 = bitcast %struct.list_head* %67 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %67, %70 br i1 %71, label %125, label %72 %73 = phi i8* [ %76, %122 ], [ %69, %64 ] %74 = getelementptr i8, i8* %73, i64 -32 %75 = bitcast i8* %73 to i8** %76 = load i8*, i8** %75, align 8 %77 = getelementptr i8, i8* %73, i64 -16 %78 = getelementptr i8, i8* %73, i64 -8 %79 = bitcast i8* %78 to %struct.list_head** %80 = load %struct.list_head*, %struct.list_head** %79, align 8 %81 = bitcast i8* %77 to %struct.list_head** %82 = load %struct.list_head*, %struct.list_head** %81, align 8 %83 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 1 store %struct.list_head* %80, %struct.list_head** %83, align 8 %84 = ptrtoint %struct.list_head* %82 to i64 %85 = bitcast %struct.list_head* %80 to i64* store volatile i64 %84, i64* %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %81, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %79, align 8 %86 = getelementptr inbounds i8, i8* %73, i64 8 %87 = bitcast i8* %86 to %struct.list_head** %88 = load %struct.list_head*, %struct.list_head** %87, align 8 %89 = bitcast i8* %73 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 1 store %struct.list_head* %88, %struct.list_head** %91, align 
8 %92 = ptrtoint %struct.list_head* %90 to i64 %93 = bitcast %struct.list_head* %88 to i64* store volatile i64 %92, i64* %93, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %89, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %87, align 8 %94 = bitcast i8* %74 to %struct.cgroup.81698** %95 = load %struct.cgroup.81698*, %struct.cgroup.81698** %94, align 8 %96 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 12 %97 = bitcast %struct.cgroup_subsys_state.81704** %96 to %struct.cgroup.81698** %98 = load %struct.cgroup.81698*, %struct.cgroup.81698** %97, align 8 %99 = icmp eq %struct.cgroup.81698* %98, null br i1 %99, label %122, label %100 %101 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 7 %102 = load i32, i32* %101, align 4 %103 = and i32 %102, 1 %104 = icmp eq i32 %103, 0 br i1 %104, label %105, label %122 %106 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %107 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 1 %108 = load volatile i64, i64* %107, align 8 %109 = and i64 %108, 3 %110 = icmp eq i64 %109, 0 br i1 %110, label %111, label %113, !prof !5, !misexpect !6 %114 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %106, i64 0, i32 0, i32 0 %115 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %114, i64 1, i64* %114) #6, !srcloc !11 %116 = and i8 %115, 1 %117 = icmp eq i8 %116, 0 br i1 %117, label %121, label %118, !prof !5, !misexpect !6 %119 = getelementptr 
inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 2 %120 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %119, align 8 tail call void %120(%struct.percpu_ref* %106) #69 br label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %122 tail call void @kfree(i8* %74) #69 %123 = bitcast i8* %76 to %struct.list_head* %124 = icmp eq %struct.list_head* %67, %123 br i1 %124, label %125, label %72 %126 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 2 %127 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 %128 = icmp eq %struct.css_set.81705* %127, %0 br i1 %128, label %138, label %129 %130 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 1 %131 = load %struct.list_head*, %struct.list_head** %130, align 8 %132 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 0 %133 = load %struct.list_head*, %struct.list_head** %132, align 8 %134 = getelementptr inbounds %struct.list_head, %struct.list_head* %133, i64 0, i32 1 store %struct.list_head* %131, %struct.list_head** %134, align 8 %135 = ptrtoint %struct.list_head* %133 to i64 %136 = bitcast %struct.list_head* %131 to i64* store volatile i64 %135, i64* %136, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %132, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %130, align 8 %137 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 tail call void @put_css_set_locked(%struct.css_set.81705* %137) #70 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 free_cgroup_ns 2 cgroup_mount ------------- Path:  Function:cgroup_mount %5 = alloca i8*, align 8 %6 = tail call %struct.task_struct.81800* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.81800** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.81800**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.81800, %struct.task_struct.81800* %6, i64 0, i32 85 %8 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %8, i64 0, i32 6 %10 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %9, align 8 %11 = icmp eq %struct.cgroup_namespace.81706* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 2 %18 = load %struct.user_namespace.81710*, %struct.user_namespace.81710** %17, align 8 %19 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.81710*, i32)*)(%struct.user_namespace.81710* %18, i32 21) #69 br i1 %19, label %25, label %20 %26 = load i1, i1* @use_task_css_set_links, align 1 br i1 %26, label %124, label %27 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, 
i64 0, i32 0, i32 0)) #69 %28 = load i1, i1* @use_task_css_set_links, align 1 br i1 %28, label %122, label %29 store i1 true, i1* @use_task_css_set_links, align 1 %30 = load volatile i64, i64* bitcast (%struct.list_head** getelementptr inbounds (%struct.task_struct.81800, %struct.task_struct.81800* bitcast (%struct.task_struct.1872* @init_task to %struct.task_struct.81800*), i64 0, i32 29, i32 0) to i64*), align 16 %31 = inttoptr i64 %30 to i8* %32 = getelementptr i8, i8* %31, i64 -912 %33 = icmp eq i8* %32, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %33, label %122, label %41 %42 = phi i8* [ %39, %34 ], [ %32, %29 ] br label %43 %44 = phi i8* [ %120, %112 ], [ %42, %41 ] %45 = getelementptr inbounds i8, i8* %44, i64 2032 %46 = bitcast i8* %45 to %struct.list_head* %47 = bitcast i8* %45 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %46, %49 br i1 %50, label %51, label %57, !prof !7 %52 = getelementptr inbounds i8, i8* %44, i64 2024 %53 = bitcast i8* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.css_set.81705* %56 = icmp eq %struct.css_set.81705* %55, @init_css_set br i1 %56, label %58, label %57, !prof !7, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 1851, i32 2307, i64 12) #6, !srcloc !9 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 315) #6, !srcloc !10 br label %58 %59 = getelementptr inbounds i8, i8* %44, i64 1672 %60 = bitcast i8* %59 to 
%struct.sighand_struct** %61 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %62 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %61, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds i8, i8* %44, i64 36 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = and i32 %65, 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %112 %69 = getelementptr inbounds i8, i8* %44, i64 2024 %70 = bitcast i8* %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.css_set.81705* %73 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5 %74 = bitcast %struct.list_head* %73 to i64* %75 = load volatile i64, i64* %74, align 8 %76 = inttoptr i64 %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %73, %76 br i1 %77, label %78, label %99 %79 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 6 %80 = bitcast %struct.list_head* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = inttoptr i64 %81 to %struct.list_head* %83 = icmp eq %struct.list_head* %79, %82 br i1 %83, label %84, label %99 %85 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 13 %86 = bitcast %struct.list_head* %85 to i8** %87 = load i8*, i8** %86, align 8 %88 = bitcast i8* %87 to %struct.list_head* %89 = icmp eq %struct.list_head* %85, %88 br i1 %89, label %99, label %90 %91 = phi i8* [ %96, %90 ], [ %87, %84 ] %92 = getelementptr i8, i8* %91, i64 -32 %93 = bitcast i8* %92 to %struct.cgroup.81698** %94 = load %struct.cgroup.81698*, %struct.cgroup.81698** %93, align 8 tail call fastcc void @cgroup_update_populated(%struct.cgroup.81698* %94, i1 zeroext true) #69 %95 = bitcast i8* %91 to i8** %96 = load i8*, i8** %95, align 8 %97 = bitcast i8* %96 to %struct.list_head* %98 = icmp eq %struct.list_head* %85, %97 br i1 %98, label %99, label 
%90 %100 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 5, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = bitcast %struct.list_head** %100 to i8** store i8* %45, i8** %102, align 8 %103 = bitcast i8* %45 to %struct.list_head** store %struct.list_head* %73, %struct.list_head** %103, align 8 %104 = getelementptr inbounds i8, i8* %44, i64 2040 %105 = bitcast i8* %104 to %struct.list_head** store %struct.list_head* %101, %struct.list_head** %105, align 8 %106 = ptrtoint i8* %45 to i64 %107 = bitcast %struct.list_head* %101 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %108, i32* %108) #6, !srcloc !5 %109 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %72, i64 0, i32 4 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, 1 store i32 %111, i32* %109, align 8 br label %112 %113 = load %struct.sighand_struct*, %struct.sighand_struct** %60, align 8 %114 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %113, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %116 = getelementptr inbounds 
i8, i8* %44, i64 1344 %117 = bitcast i8* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to i8* %120 = getelementptr i8, i8* %119, i64 -1344 %121 = icmp eq i8* %120, %42 br i1 %121, label %34, label %43 %35 = getelementptr inbounds i8, i8* %42, i64 912 %36 = bitcast i8* %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = inttoptr i64 %37 to i8* %39 = getelementptr i8, i8* %38, i64 -912 %40 = icmp eq i8* %39, bitcast (%struct.task_struct.1872* @init_task to i8*) br i1 %40, label %122, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @css_set_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %123 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %124 %125 = icmp eq %struct.file_system_type.81383* %0, @cgroup2_fs_type br i1 %125, label %126, label %183 %127 = bitcast i8** %5 to i8* store i8* %3, i8** %5, align 8 %128 = icmp eq i8* %3, null br i1 %128, label %150, label %129 %130 = load i8, i8* %3, align 1 %131 = icmp eq i8 %130, 0 br i1 %131, label %150, label %132 %133 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %134 = icmp eq i8* %133, null br i1 %134, label %150, label %135 %136 = phi i8* 
[ %140, %139 ], [ %133, %132 ] %137 = call i32 @strcmp(i8* nonnull %136, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.43.8892, i64 0, i64 0)) #69 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %142 %140 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.13.8891, i64 0, i64 0)) #69 %141 = icmp eq i8* %140, null br i1 %141, label %150, label %135 %151 = phi i1 [ true, %126 ], [ true, %129 ], [ true, %132 ], [ false, %139 ] store i1 true, i1* @cgrp_dfl_visible, align 1 %152 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 %153 = and i32 %152, 2 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %157, !prof !17, !misexpect !8 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.8890, i64 0, i64 0), i32 561, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 260) #6, !srcloc !19 %156 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 3, i32 0, i32 7), align 4 br label %157 %158 = phi i32 [ %156, %155 ], [ %152, %150 ] %159 = and i32 %158, 1 %160 = icmp eq i32 %159, 0 br i1 %160, label %161, label %169 %170 = call %struct.dentry.81852* @cgroup_do_mount(%struct.file_system_type.81383* nonnull @cgroup2_fs_type, i32 %1, %struct.cgroup_root.81693* nonnull @cgrp_dfl_root, i64 1667723888, %struct.cgroup_namespace.81706* %10) #71 %171 = icmp ugt %struct.dentry.81852* 
%170, inttoptr (i64 -4096 to %struct.dentry.81852*) br i1 %171, label %185, label %172 %173 = load %struct.nsproxy.81707*, %struct.nsproxy.81707** %7, align 8 %174 = getelementptr inbounds %struct.nsproxy.81707, %struct.nsproxy.81707* %173, i64 0, i32 6 %175 = load %struct.cgroup_namespace.81706*, %struct.cgroup_namespace.81706** %174, align 8 %176 = icmp eq %struct.cgroup_namespace.81706* %175, @init_cgroup_ns br i1 %176, label %177, label %185 %178 = load i32, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br i1 %151, label %181, label %179 %182 = and i32 %178, -9 store i32 %182, i32* getelementptr inbounds (%struct.cgroup_root.81693, %struct.cgroup_root.81693* @cgrp_dfl_root, i64 0, i32 7), align 8 br label %185 %186 = phi %struct.dentry.81852* [ %184, %183 ], [ %170, %169 ], [ %170, %172 ], [ %170, %179 ], [ %170, %181 ] br i1 %11, label %193, label %187 %188 = getelementptr inbounds %struct.cgroup_namespace.81706, %struct.cgroup_namespace.81706* %10, i64 0, i32 0, i32 0, i32 0 %189 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %188, i32* %188) #6, !srcloc !6 %190 = and i8 %189, 1 %191 = icmp eq i8 %190, 0 br i1 %191, label %193, label %192 call void bitcast (void (%struct.cgroup_namespace.82422*)* @free_cgroup_ns to void (%struct.cgroup_namespace.81706*)*)(%struct.cgroup_namespace.81706* nonnull %10) #69 Function:free_cgroup_ns %2 = getelementptr inbounds 
%struct.cgroup_namespace.82422, %struct.cgroup_namespace.82422* %0, i64 0, i32 4 %3 = load %struct.css_set.82421*, %struct.css_set.82421** %2, align 8 %4 = getelementptr inbounds %struct.css_set.82421, %struct.css_set.82421* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.81705*)* @put_css_set_locked to void (%struct.css_set.82421*)*)(%struct.css_set.82421* %3) #69 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 1, i32 0, i32 0 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %140, label %6 %7 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 10 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %13, label %12, !prof !5, !misexpect !6 br label %14 %15 = phi i64 [ %47, %46 ], [ 0, %13 ] %16 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 1 %17 = load %struct.list_head*, %struct.list_head** %16, 
align 8 %18 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 9, i64 %15, i32 0 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %18, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %16, align 8 %23 = getelementptr %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 0, i64 %15 %24 = load %struct.cgroup_subsys_state.81704*, %struct.cgroup_subsys_state.81704** %23, align 8 %25 = getelementptr inbounds %struct.cgroup_subsys_state.81704, %struct.cgroup_subsys_state.81704* %24, i64 0, i32 7 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %46 %47 = add nuw nsw i64 %15, 1 %48 = icmp eq i64 %47, 4 br i1 %48, label %49, label %14 %50 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12 %51 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 12, i32 1 %52 = load %struct.hlist_node**, %struct.hlist_node*** %51, align 8 %53 = icmp eq %struct.hlist_node** %52, null br i1 %53, label %64, label %54 %65 = load i32, i32* @css_set_count, align 4 %66 = add i32 %65, -1 store i32 %66, i32* @css_set_count, align 4 %67 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 13 %68 = bitcast %struct.list_head* %67 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %67, %70 br i1 %71, label %125, label %72 %73 = phi i8* [ %76, %122 ], [ %69, %64 ] %74 = getelementptr i8, i8* 
%73, i64 -32 %75 = bitcast i8* %73 to i8** %76 = load i8*, i8** %75, align 8 %77 = getelementptr i8, i8* %73, i64 -16 %78 = getelementptr i8, i8* %73, i64 -8 %79 = bitcast i8* %78 to %struct.list_head** %80 = load %struct.list_head*, %struct.list_head** %79, align 8 %81 = bitcast i8* %77 to %struct.list_head** %82 = load %struct.list_head*, %struct.list_head** %81, align 8 %83 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 1 store %struct.list_head* %80, %struct.list_head** %83, align 8 %84 = ptrtoint %struct.list_head* %82 to i64 %85 = bitcast %struct.list_head* %80 to i64* store volatile i64 %84, i64* %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %81, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %79, align 8 %86 = getelementptr inbounds i8, i8* %73, i64 8 %87 = bitcast i8* %86 to %struct.list_head** %88 = load %struct.list_head*, %struct.list_head** %87, align 8 %89 = bitcast i8* %73 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 1 store %struct.list_head* %88, %struct.list_head** %91, align 8 %92 = ptrtoint %struct.list_head* %90 to i64 %93 = bitcast %struct.list_head* %88 to i64* store volatile i64 %92, i64* %93, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %89, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %87, align 8 %94 = bitcast i8* %74 to %struct.cgroup.81698** %95 = load %struct.cgroup.81698*, %struct.cgroup.81698** %94, align 8 %96 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 12 %97 = bitcast %struct.cgroup_subsys_state.81704** %96 to %struct.cgroup.81698** %98 = load 
%struct.cgroup.81698*, %struct.cgroup.81698** %97, align 8 %99 = icmp eq %struct.cgroup.81698* %98, null br i1 %99, label %122, label %100 %101 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 7 %102 = load i32, i32* %101, align 4 %103 = and i32 %102, 1 %104 = icmp eq i32 %103, 0 br i1 %104, label %105, label %122 %106 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %107 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 1 %108 = load volatile i64, i64* %107, align 8 %109 = and i64 %108, 3 %110 = icmp eq i64 %109, 0 br i1 %110, label %111, label %113, !prof !5, !misexpect !6 %114 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %106, i64 0, i32 0, i32 0 %115 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %114, i64 1, i64* %114) #6, !srcloc !11 %116 = and i8 %115, 1 %117 = icmp eq i8 %116, 0 br i1 %117, label %121, label %118, !prof !5, !misexpect !6 %119 = getelementptr inbounds %struct.cgroup.81698, %struct.cgroup.81698* %95, i64 0, i32 0, i32 2, i32 2 %120 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %119, align 8 tail call void %120(%struct.percpu_ref* %106) #69 br label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %122 tail call void @kfree(i8* %74) #69 %123 = bitcast i8* %76 to %struct.list_head* %124 = icmp eq %struct.list_head* %67, %123 br i1 %124, label %125, label %72 %126 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 2 %127 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 %128 = icmp eq 
%struct.css_set.81705* %127, %0 br i1 %128, label %138, label %129 %130 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 1 %131 = load %struct.list_head*, %struct.list_head** %130, align 8 %132 = getelementptr inbounds %struct.css_set.81705, %struct.css_set.81705* %0, i64 0, i32 11, i32 0 %133 = load %struct.list_head*, %struct.list_head** %132, align 8 %134 = getelementptr inbounds %struct.list_head, %struct.list_head* %133, i64 0, i32 1 store %struct.list_head* %131, %struct.list_head** %134, align 8 %135 = ptrtoint %struct.list_head* %133 to i64 %136 = bitcast %struct.list_head* %131 to i64* store volatile i64 %135, i64* %136, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %132, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %130, align 8 %137 = load %struct.css_set.81705*, %struct.css_set.81705** %126, align 8 tail call void @put_css_set_locked(%struct.css_set.81705* %137) #70 ------------- Good: 158 Bad: 6 Ignored: 244 Check Use of Function:vfs_link Check Use of Function:audit_log_link_denied Check Use of Function:inode_owner_or_capable Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 
1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label 
%1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %41 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label 
%1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %41 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = 
alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %96 = bitcast %struct.ext4_iloc.163098* %14 to i8* %97 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = 
alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %96 = bitcast %struct.ext4_iloc.163098* %14 to i8* %97 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 
1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 
26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %292 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 
1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %292 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, 
align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %303 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca 
%struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %303 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 
i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 
1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %816 = bitcast %struct.fsxattr* %20 to i8* %817 = inttoptr i64 %2 to i8* %818 = call i64 @_copy_from_user(i8* nonnull %816, i8* %817, i64 28) #70 %819 = icmp eq i64 %818, 0 br i1 %819, label %820, label %1016 %821 = call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** 
%25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %816 = bitcast %struct.fsxattr* %20 to i8* %817 = inttoptr i64 %2 to i8* %818 = call i64 @_copy_from_user(i8* nonnull %816, i8* %817, i64 28) #70 %819 = icmp eq i64 %818, 0 br i1 %819, label %820, label %1016 %821 = call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %8 = icmp eq i8* %4, null br i1 %8, label %15, label %9 %16 = phi %struct.posix_acl* [ %10, %9 ], [ null, %7 ] %17 = getelementptr inbounds %struct.xattr_handler.142233, %struct.xattr_handler.142233* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = tail call i32 @set_posix_acl(%struct.inode.142228* %2, i32 %18, %struct.posix_acl* %16) #69 Function:set_posix_acl %4 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 8 %5 = load %struct.super_block.142222*, %struct.super_block.142222** %4, align 8 %6 = getelementptr inbounds %struct.super_block.142222, %struct.super_block.142222* %5, i64 0, i32 10 %7 = load i64, i64* %6, align 16 %8 = and i64 %7, 65536 %9 = icmp eq i64 %8, 0 br i1 %9, label %85, label %10 %11 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 7 %12 = load 
%struct.inode_operations.142185*, %struct.inode_operations.142185** %11, align 8 %13 = getelementptr inbounds %struct.inode_operations.142185, %struct.inode_operations.142185* %12, i64 0, i32 20 %14 = load i32 (%struct.inode.142228*, %struct.posix_acl*, i32)*, i32 (%struct.inode.142228*, %struct.posix_acl*, i32)** %13, align 32 %15 = icmp eq i32 (%struct.inode.142228*, %struct.posix_acl*, i32)* %14, null br i1 %15, label %85, label %16 %17 = icmp eq i32 %1, 16384 br i1 %17, label %18, label %26 %19 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 0 %20 = load i16, i16* %19, align 8 %21 = and i16 %20, -4096 %22 = icmp eq i16 %21, 16384 br i1 %22, label %26, label %23 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.142228*)*)(%struct.inode.142228* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %8 = icmp eq i8* %4, null br i1 %8, label %15, label %9 %16 = phi %struct.posix_acl* [ %10, %9 ], [ null, %7 ] %17 = getelementptr inbounds %struct.xattr_handler.142233, %struct.xattr_handler.142233* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = tail call i32 @set_posix_acl(%struct.inode.142228* %2, i32 %18, %struct.posix_acl* %16) #69 Function:set_posix_acl %4 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 8 %5 = load %struct.super_block.142222*, %struct.super_block.142222** %4, align 8 %6 = getelementptr inbounds %struct.super_block.142222, %struct.super_block.142222* %5, i64 0, i32 10 %7 = load i64, i64* %6, align 16 %8 = and i64 %7, 65536 %9 = icmp eq i64 %8, 0 br i1 %9, label %85, label %10 %11 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 7 %12 = load %struct.inode_operations.142185*, %struct.inode_operations.142185** %11, align 8 %13 = getelementptr inbounds %struct.inode_operations.142185, 
%struct.inode_operations.142185* %12, i64 0, i32 20 %14 = load i32 (%struct.inode.142228*, %struct.posix_acl*, i32)*, i32 (%struct.inode.142228*, %struct.posix_acl*, i32)** %13, align 32 %15 = icmp eq i32 (%struct.inode.142228*, %struct.posix_acl*, i32)* %14, null br i1 %15, label %85, label %16 %17 = icmp eq i32 %1, 16384 br i1 %17, label %18, label %26 %19 = getelementptr inbounds %struct.inode.142228, %struct.inode.142228* %0, i64 0, i32 0 %20 = load i16, i16* %19, align 8 %21 = and i16 %20, -4096 %22 = icmp eq i16 %21, 16384 br i1 %22, label %26, label %23 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.142228*)*)(%struct.inode.142228* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 xattr_permission 1 vfs_getxattr 2 getxattr 3 __ia32_sys_fgetxattr ------------- Path:  Function:__ia32_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = inttoptr i64 %9 to i8* %16 = tail call i64 @__fdget(i32 %13) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.128583* %19 = icmp eq i64 %17, 0 br i1 %19, label %37, label %20 %21 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %21, 
i64 0, i32 96 %23 = load %struct.audit_context*, %struct.audit_context** %22, align 32 %24 = icmp eq %struct.audit_context* %23, null br i1 %24, label %30, label %25 %26 = bitcast %struct.audit_context* %23 to i32* %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %18) #69 br label %30 %31 = getelementptr inbounds %struct.file.128583, %struct.file.128583* %18, i64 0, i32 1, i32 1 %32 = load %struct.dentry.128731*, %struct.dentry.128731** %31, align 8 %33 = tail call fastcc i64 @getxattr(%struct.dentry.128731* %32, i8* %14, i8* %15, i64 %12) #69 Function:getxattr %5 = alloca [256 x i8], align 16 %6 = getelementptr inbounds [256 x i8], [256 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 256) #69 %8 = and i64 %7, -257 %9 = icmp eq i64 %8, 0 %10 = select i1 %9, i64 -34, i64 %7 %11 = icmp slt i64 %10, 0 br i1 %11, label %44, label %12 %13 = icmp eq i64 %3, 0 br i1 %13, label %19, label %14 %15 = icmp ult i64 %3, 65536 %16 = select i1 %15, i64 %3, i64 65536 %17 = call i8* @kvmalloc_node(i64 %16, i32 6324416, i32 -1) #69 %18 = icmp eq i8* %17, null br i1 %18, label %44, label %19 %20 = phi i64 [ %16, %14 ], [ 0, %12 ] %21 = phi i8* [ %17, %14 ], [ null, %12 ] %22 = call i64 @vfs_getxattr(%struct.dentry.128731* %0, i8* nonnull %6, i8* %21, i64 %20) #70 Function:vfs_getxattr %5 = alloca i8*, align 8 %6 = getelementptr inbounds %struct.dentry.128731, %struct.dentry.128731* %0, i64 0, i32 5 %7 = load %struct.inode.128744*, %struct.inode.128744** %6, align 8 %8 = tail call fastcc i32 @xattr_permission(%struct.inode.128744* %7, i8* %1, i32 4) #69 Function:xattr_permission %4 = and i32 %2, 2 %5 = icmp eq i32 %4, 0 br i1 %5, label %19, label %6 %20 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(10) getelementptr inbounds ([10 x i8], [10 x i8]* 
@.str.1.14734, i64 0, i64 0), i64 9) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %49, label %22 %23 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.14736, i64 0, i64 0), i64 7) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %49, label %25 %26 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.14737, i64 0, i64 0), i64 8) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %33 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.6.14738, i64 0, i64 0), i64 5) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %47 %36 = getelementptr inbounds %struct.inode.128744, %struct.inode.128744* %0, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 switch i16 %38, label %39 [ i16 -32768, label %41 i16 16384, label %41 ] %42 = and i16 %37, -3584 %43 = icmp ne i16 %42, 16896 %44 = or i1 %5, %43 br i1 %44, label %47, label %45 %46 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.128744*)*)(%struct.inode.128744* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 xattr_permission 1 vfs_getxattr 2 getxattr 3 __x64_sys_fgetxattr ------------- Path:  Function:__x64_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call i64 @__fdget(i32 %12) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.128583* %16 = icmp eq 
i64 %14, 0 br i1 %16, label %34, label %17 %18 = tail call %struct.task_struct.128852* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.128852** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.128852**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.128852, %struct.task_struct.128852* %18, i64 0, i32 96 %20 = load %struct.audit_context*, %struct.audit_context** %19, align 32 %21 = icmp eq %struct.audit_context* %20, null br i1 %21, label %27, label %22 %23 = bitcast %struct.audit_context* %20 to i32* %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %27, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.39652*)* @__audit_file to void (%struct.file.128583*)*)(%struct.file.128583* nonnull %15) #69 br label %27 %28 = getelementptr inbounds %struct.file.128583, %struct.file.128583* %15, i64 0, i32 1, i32 1 %29 = load %struct.dentry.128731*, %struct.dentry.128731** %28, align 8 %30 = tail call fastcc i64 @getxattr(%struct.dentry.128731* %29, i8* %6, i8* %9, i64 %11) #69 Function:getxattr %5 = alloca [256 x i8], align 16 %6 = getelementptr inbounds [256 x i8], [256 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 256) #69 %8 = and i64 %7, -257 %9 = icmp eq i64 %8, 0 %10 = select i1 %9, i64 -34, i64 %7 %11 = icmp slt i64 %10, 0 br i1 %11, label %44, label %12 %13 = icmp eq i64 %3, 0 br i1 %13, label %19, label %14 %15 = icmp ult i64 %3, 65536 %16 = select i1 %15, i64 %3, i64 65536 %17 = call i8* @kvmalloc_node(i64 %16, i32 6324416, i32 -1) #69 %18 = icmp eq i8* %17, null br i1 %18, label %44, label %19 %20 = phi i64 [ %16, %14 ], [ 0, %12 ] %21 = phi i8* [ %17, %14 ], [ null, %12 ] %22 = call i64 @vfs_getxattr(%struct.dentry.128731* %0, i8* nonnull %6, i8* %21, i64 %20) #70 Function:vfs_getxattr %5 = alloca i8*, align 8 %6 = getelementptr inbounds %struct.dentry.128731, %struct.dentry.128731* %0, i64 
0, i32 5 %7 = load %struct.inode.128744*, %struct.inode.128744** %6, align 8 %8 = tail call fastcc i32 @xattr_permission(%struct.inode.128744* %7, i8* %1, i32 4) #69 Function:xattr_permission %4 = and i32 %2, 2 %5 = icmp eq i32 %4, 0 br i1 %5, label %19, label %6 %20 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(10) getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.14734, i64 0, i64 0), i64 9) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %49, label %22 %23 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.14736, i64 0, i64 0), i64 7) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %49, label %25 %26 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.14737, i64 0, i64 0), i64 8) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %33 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.6.14738, i64 0, i64 0), i64 5) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %47 %36 = getelementptr inbounds %struct.inode.128744, %struct.inode.128744* %0, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 switch i16 %38, label %39 [ i16 -32768, label %41 i16 16384, label %41 ] %42 = and i16 %37, -3584 %43 = icmp ne i16 %42, 16896 %44 = or i1 %5, %43 br i1 %44, label %47, label %45 %46 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.128744*)*)(%struct.inode.128744* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 9 %4 = load %struct.super_block.173881*, %struct.super_block.173881** %3, align 8 %5 = getelementptr inbounds %struct.super_block.173881, %struct.super_block.173881* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.msdos_sb_info.173944** %7 
= load %struct.msdos_sb_info.173944*, %struct.msdos_sb_info.173944** %6, align 64 %8 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 5 %9 = load %struct.inode.173900*, %struct.inode.173900** %8, align 8 %10 = getelementptr inbounds %struct.iattr.173560, %struct.iattr.173560* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.173944, %struct.msdos_sb_info.173944* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.173842* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.173842** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.173842**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.173842, %struct.task_struct.173842* %17, i64 0, i32 78 %19 = load %struct.cred.173668*, %struct.cred.173668** %18, align 16 %20 = getelementptr inbounds %struct.cred.173668, %struct.cred.173668* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.173904*, %struct.iattr.173560*)*)(%struct.dentry.173904* %0, %struct.iattr.173560* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 
%4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = 
getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, 
label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 9 %4 = load %struct.super_block.173881*, %struct.super_block.173881** %3, align 8 %5 = getelementptr inbounds %struct.super_block.173881, %struct.super_block.173881* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.msdos_sb_info.173944** %7 = load %struct.msdos_sb_info.173944*, %struct.msdos_sb_info.173944** %6, align 64 %8 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 5 %9 = load %struct.inode.173900*, %struct.inode.173900** %8, align 8 %10 = getelementptr inbounds %struct.iattr.173560, %struct.iattr.173560* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.173944, %struct.msdos_sb_info.173944* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.173842* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.173842** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.173842**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.173842, %struct.task_struct.173842* %17, i64 0, i32 78 %19 = load %struct.cred.173668*, %struct.cred.173668** %18, align 16 %20 = getelementptr inbounds %struct.cred.173668, %struct.cred.173668* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 
%24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.173904*, %struct.iattr.173560*)*)(%struct.dentry.173904* %0, %struct.iattr.173560* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** 
@current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* 
%4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.162165, %struct.dentry.162165* %0, i64 0, i32 5 %4 = load %struct.inode.162177*, %struct.inode.162177** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162167, %struct.iattr.162167* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 8 %8 = load %struct.super_block.162162*, %struct.super_block.162162** %7, align 8 %9 = getelementptr inbounds %struct.super_block.162162, %struct.super_block.162162* %8, i64 0, i32 30 %10 = bitcast i8** %9 to %struct.ext4_sb_info.162709** %11 = load %struct.ext4_sb_info.162709*, %struct.ext4_sb_info.162709** %10, align 64 %12 = getelementptr inbounds %struct.ext4_sb_info.162709, %struct.ext4_sb_info.162709* %11, i64 0, i32 48 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %404, !prof !4, !misexpect !5 
%17 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %404, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %404, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.162165*, %struct.iattr.162167*)*)(%struct.dentry.162165* %0, %struct.iattr.162167* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 
(%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.162165, %struct.dentry.162165* %0, i64 0, i32 5 %4 = load %struct.inode.162177*, %struct.inode.162177** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162167, %struct.iattr.162167* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 8 %8 = load %struct.super_block.162162*, %struct.super_block.162162** %7, align 8 %9 = getelementptr inbounds %struct.super_block.162162, %struct.super_block.162162* %8, i64 0, i32 30 %10 = bitcast i8** %9 to %struct.ext4_sb_info.162709** %11 = load %struct.ext4_sb_info.162709*, %struct.ext4_sb_info.162709** %10, align 64 %12 = getelementptr inbounds %struct.ext4_sb_info.162709, %struct.ext4_sb_info.162709* %11, i64 0, i32 48 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 
%15, label %16, label %404, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %404, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %404, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.162165*, %struct.iattr.162167*)*)(%struct.dentry.162165* %0, %struct.iattr.162167* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 
(%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr inbounds %struct.iattr.146670, %struct.iattr.146670* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* 
%1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call 
%struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 
(%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr inbounds %struct.iattr.146670, %struct.iattr.146670* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, 
i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, 
align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.147384, %struct.dentry.147384* %0, i64 0, i32 5 %4 = load %struct.inode.147380*, %struct.inode.147380** %3, align 8 %5 = getelementptr inbounds %struct.iattr.147385, %struct.iattr.147385* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.147384*, %struct.iattr.147385*)*)(%struct.dentry.147384* %0, %struct.iattr.147385* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, 
%struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds 
%struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and 
i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.147384, %struct.dentry.147384* %0, i64 0, i32 5 %4 = load %struct.inode.147380*, %struct.inode.147380** %3, align 8 %5 = getelementptr inbounds %struct.iattr.147385, %struct.iattr.147385* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.147384*, %struct.iattr.147385*)*)(%struct.dentry.147384* %0, %struct.iattr.147385* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label 
%67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr 
inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.172726, %struct.dentry.172726* %0, i64 0, i32 5 %4 = load %struct.inode.172722*, %struct.inode.172722** %3, align 8 %5 = getelementptr inbounds %struct.inode.172722, %struct.inode.172722* %4, i64 0, i32 8 %6 = load %struct.super_block.172704*, %struct.super_block.172704** %5, align 8 %7 = getelementptr inbounds %struct.super_block.172704, %struct.super_block.172704* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 64 %10 = getelementptr inbounds 
%struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.172359, %struct.iattr.172359* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.172722, %struct.inode.172722* %4, i64 -1, i32 45 %15 = icmp eq %struct.inode.172722* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.172726*, %struct.iattr.172359*)*)(%struct.dentry.172726* %0, %struct.iattr.172359* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 
(%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.172726, %struct.dentry.172726* %0, i64 0, i32 5 %4 = load %struct.inode.172722*, %struct.inode.172722** %3, align 8 %5 = getelementptr inbounds %struct.inode.172722, %struct.inode.172722* %4, i64 0, i32 8 %6 = load %struct.super_block.172704*, %struct.super_block.172704** %5, align 8 %7 = getelementptr inbounds %struct.super_block.172704, %struct.super_block.172704* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 64 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.172359, %struct.iattr.172359* %1, i64 0, i32 0 %13 = load 
i32, i32* %12, align 8 %14 = getelementptr %struct.inode.172722, %struct.inode.172722* %4, i64 -1, i32 45 %15 = icmp eq %struct.inode.172722* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.172726*, %struct.iattr.172359*)*)(%struct.dentry.172726* %0, %struct.iattr.172359* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, 
i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, 
i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label 
%17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 
0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %3 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.230517*, %struct.iattr.230519*)*)(%struct.dentry.230517* %0, %struct.iattr.230519* %1) #69 Function:simple_setattr %3 
= getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, 
%struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, 
-1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 generic_file_write_iter ------------- Path:  Function:generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 24 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %9) #69 %10 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 19 %12 = load %struct.address_space.100583*, %struct.address_space.100583** %11, align 8 %13 = getelementptr inbounds %struct.address_space.100583, 
%struct.address_space.100583* %12, i64 0, i32 0 %14 = load %struct.inode.100633*, %struct.inode.100633** %13, align 8 %15 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %15, i64 0, i32 86 %17 = load %struct.signal_struct.100439*, %struct.signal_struct.100439** %16, align 64 %18 = getelementptr %struct.signal_struct.100439, %struct.signal_struct.100439* %17, i64 0, i32 50, i64 1, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %81, label %23 %24 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %31 %32 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 store i64 %33, i64* %34, align 8 br label %35 %36 = phi i64 [ %30, %28 ], [ %33, %31 ] %37 = and i32 %25, 132 %38 = icmp eq i32 %37, 128 br i1 %38, label %81, label %39 %40 = icmp eq i64 %19, -1 br i1 %40, label %41, label %43 %44 = icmp ugt i64 %19, %36 br i1 %44, label %47, label %45 %48 = sub i64 %19, %36 %49 = load i64, i64* %20, align 8 %50 = icmp ugt i64 %49, %48 br i1 %50, label %51, label %52 store i64 %48, i64* %20, align 8 br label %52 %53 = phi i64 [ %42, %41 ], [ %48, %51 ], [ %49, %47 ] %54 = add i64 %53, %36 %55 = icmp ugt i64 %54, 2147483647 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 7 %58 = load i32, 
i32* %57, align 8 %59 = trunc i32 %58 to i16 %60 = icmp slt i16 %59, 0 br i1 %60, label %67, label %61, !prof !5, !misexpect !6 %62 = icmp ugt i64 %36, 2147483646 br i1 %62, label %81, label %63 %64 = sub nuw nsw i64 2147483647, %36 %65 = icmp ugt i64 %53, %64 br i1 %65, label %66, label %67 store i64 %64, i64* %20, align 8 br label %67 %68 = phi i64 [ %64, %66 ], [ %53, %63 ], [ %53, %52 ], [ %53, %56 ] %69 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 8 %70 = load %struct.super_block.100615*, %struct.super_block.100615** %69, align 8 %71 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = icmp sgt i64 %72, %36 br i1 %73, label %74, label %81, !prof !5, !misexpect !6 %75 = sub i64 %72, %36 %76 = icmp ugt i64 %68, %75 br i1 %76, label %77, label %78 %79 = phi i64 [ %68, %74 ], [ %75, %77 ] %80 = icmp sgt i64 %79, 0 br i1 %80, label %83, label %81 %84 = tail call i64 @__generic_file_write_iter(%struct.kiocb.100573* %0, %struct.iov_iter* %1) #70 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = 
and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 
0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } 
(%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, 
label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds %struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 
Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load 
%struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 
%93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %5 = load %struct.file.133631*, %struct.file.133631** %4, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %5, i64 0, i32 19 %7 = load %struct.address_space.133508*, %struct.address_space.133508** %6, align 8 %8 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %7, i64 0, i32 0 %9 = load %struct.inode.133641*, %struct.inode.133641** %8, align 8 %10 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.133641, %struct.inode.133641* %9, i64 -1, i32 40 %14 = bitcast %struct.address_space.133508* %13 to %struct.block_device.133500* %15 = tail call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.133500*)*)(%struct.block_device.133500* %14) #69 %16 = 
icmp eq i32 %15, 0 br i1 %16, label %17, label %59 %18 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %59, label %21 %22 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp sgt i64 %11, %23 br i1 %24, label %25, label %59 %26 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 4 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 132 %29 = icmp eq i32 %28, 128 br i1 %29, label %59, label %30 %31 = sub i64 %11, %23 %32 = icmp ugt i64 %19, %31 br i1 %32, label %33, label %35 %34 = sub i64 %19, %31 store i64 %31, i64* %18, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ 0, %30 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %37 = call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = 
and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 
0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } 
(%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, 
label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds %struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 
Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load 
%struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 
%93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, 
%struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 
proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail 
call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label 
%100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, %struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds 
%struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load 
i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = 
tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, %struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 
0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, 
i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, %struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, 
%struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds 
%struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and 
i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 9 %4 = load %struct.super_block.173881*, %struct.super_block.173881** %3, align 8 %5 = getelementptr inbounds %struct.super_block.173881, %struct.super_block.173881* %4, i64 0, i32 30 %6 = bitcast i8** %5 to %struct.msdos_sb_info.173944** %7 = load %struct.msdos_sb_info.173944*, %struct.msdos_sb_info.173944** %6, align 64 %8 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 5 %9 = load %struct.inode.173900*, %struct.inode.173900** %8, align 8 %10 = getelementptr inbounds %struct.iattr.173560, %struct.iattr.173560* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.173944, %struct.msdos_sb_info.173944* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.173842* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.173842** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.173842**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.173842, %struct.task_struct.173842* %17, i64 0, i32 78 %19 = load %struct.cred.173668*, %struct.cred.173668** %18, align 16 %20 = getelementptr inbounds %struct.cred.173668, %struct.cred.173668* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label 
%25 %26 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.173904*, %struct.iattr.173560*)*)(%struct.dentry.173904* %0, %struct.iattr.173560* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br 
i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 9 %4 = load %struct.super_block.173881*, %struct.super_block.173881** %3, align 8 %5 = getelementptr inbounds %struct.super_block.173881, %struct.super_block.173881* %4, i64 0, i32 30 %6 = bitcast i8** %5 to 
%struct.msdos_sb_info.173944** %7 = load %struct.msdos_sb_info.173944*, %struct.msdos_sb_info.173944** %6, align 64 %8 = getelementptr inbounds %struct.dentry.173904, %struct.dentry.173904* %0, i64 0, i32 5 %9 = load %struct.inode.173900*, %struct.inode.173900** %8, align 8 %10 = getelementptr inbounds %struct.iattr.173560, %struct.iattr.173560* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.173944, %struct.msdos_sb_info.173944* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.173842* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.173842** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.173842**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.173842, %struct.task_struct.173842* %17, i64 0, i32 78 %19 = load %struct.cred.173668*, %struct.cred.173668** %18, align 16 %20 = getelementptr inbounds %struct.cred.173668, %struct.cred.173668* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.173900, %struct.inode.173900* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.173904*, %struct.iattr.173560*)*)(%struct.dentry.173904* %0, %struct.iattr.173560* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, 
%struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 
%69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, 
i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.162165, %struct.dentry.162165* %0, i64 0, i32 5 %4 = load %struct.inode.162177*, %struct.inode.162177** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162167, %struct.iattr.162167* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 8 %8 = load %struct.super_block.162162*, %struct.super_block.162162** %7, align 8 %9 = getelementptr inbounds %struct.super_block.162162, %struct.super_block.162162* %8, i64 0, i32 30 %10 = bitcast i8** %9 to %struct.ext4_sb_info.162709** %11 = load %struct.ext4_sb_info.162709*, %struct.ext4_sb_info.162709** %10, align 64 %12 = getelementptr inbounds %struct.ext4_sb_info.162709, %struct.ext4_sb_info.162709* %11, i64 0, i32 48 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %404, !prof !4, !misexpect !5 
%17 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %404, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %404, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.162165*, %struct.iattr.162167*)*)(%struct.dentry.162165* %0, %struct.iattr.162167* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 
(%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.162165, %struct.dentry.162165* %0, i64 0, i32 5 %4 = load %struct.inode.162177*, %struct.inode.162177** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162167, %struct.iattr.162167* %1, 
i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 8 %8 = load %struct.super_block.162162*, %struct.super_block.162162** %7, align 8 %9 = getelementptr inbounds %struct.super_block.162162, %struct.super_block.162162* %8, i64 0, i32 30 %10 = bitcast i8** %9 to %struct.ext4_sb_info.162709** %11 = load %struct.ext4_sb_info.162709*, %struct.ext4_sb_info.162709** %10, align 64 %12 = getelementptr inbounds %struct.ext4_sb_info.162709, %struct.ext4_sb_info.162709* %11, i64 0, i32 48 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %404, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %404, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %404, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.162165*, %struct.iattr.162167*)*)(%struct.dentry.162165* %0, %struct.iattr.162167* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* 
%14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr 
inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = 
tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr inbounds %struct.iattr.146670, %struct.iattr.146670* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 
512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 
%82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr inbounds %struct.iattr.146670, %struct.iattr.146670* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail 
call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label 
%100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.147384, %struct.dentry.147384* %0, i64 0, i32 5 %4 = load 
%struct.inode.147380*, %struct.inode.147380** %3, align 8 %5 = getelementptr inbounds %struct.iattr.147385, %struct.iattr.147385* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.147384*, %struct.iattr.147385*)*)(%struct.dentry.147384* %0, %struct.iattr.147385* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds 
%struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds 
%struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.147384, %struct.dentry.147384* %0, i64 0, i32 5 %4 = load %struct.inode.147380*, %struct.inode.147380** %3, align 8 %5 = getelementptr inbounds %struct.iattr.147385, %struct.iattr.147385* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail 
call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.147384*, %struct.iattr.147385*)*)(%struct.dentry.147384* %0, %struct.iattr.147385* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = 
getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, 
%struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.172726, %struct.dentry.172726* %0, i64 0, i32 5 %4 = load %struct.inode.172722*, %struct.inode.172722** %3, align 8 %5 = getelementptr inbounds %struct.inode.172722, %struct.inode.172722* %4, i64 0, i32 8 %6 = load %struct.super_block.172704*, %struct.super_block.172704** %5, align 8 %7 = getelementptr inbounds %struct.super_block.172704, %struct.super_block.172704* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 64 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* 
%9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.172359, %struct.iattr.172359* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.172722, %struct.inode.172722* %4, i64 -1, i32 45 %15 = icmp eq %struct.inode.172722* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.172726*, %struct.iattr.172359*)*)(%struct.dentry.172726* %0, %struct.iattr.172359* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, 
i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.172726, %struct.dentry.172726* %0, i64 0, i32 5 %4 = load %struct.inode.172722*, %struct.inode.172722** %3, align 8 %5 = getelementptr inbounds %struct.inode.172722, %struct.inode.172722* %4, i64 0, i32 8 
%6 = load %struct.super_block.172704*, %struct.super_block.172704** %5, align 8 %7 = getelementptr inbounds %struct.super_block.172704, %struct.super_block.172704* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 64 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.172359, %struct.iattr.172359* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.172722, %struct.inode.172722* %4, i64 -1, i32 45 %15 = icmp eq %struct.inode.172722* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.172726*, %struct.iattr.172359*)*)(%struct.dentry.172726* %0, %struct.iattr.172359* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 
%39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 
@in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br 
i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %3 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.230517*, %struct.iattr.230519*)*)(%struct.dentry.230517* %0, %struct.iattr.230519* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, 
%struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr 
inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr 
inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 generic_file_write_iter ------------- Path:  Function:generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load 
%struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 24 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %9) #69 %10 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 19 %12 = load %struct.address_space.100583*, %struct.address_space.100583** %11, align 8 %13 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %12, i64 0, i32 0 %14 = load %struct.inode.100633*, %struct.inode.100633** %13, align 8 %15 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %15, i64 0, i32 86 %17 = load %struct.signal_struct.100439*, %struct.signal_struct.100439** %16, align 64 %18 = getelementptr %struct.signal_struct.100439, %struct.signal_struct.100439* %17, i64 0, i32 50, i64 1, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %81, label %23 %24 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %31 %32 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 store i64 %33, i64* %34, align 8 br label %35 %36 = phi i64 [ %30, %28 ], [ %33, %31 ] %37 = and i32 
%25, 132 %38 = icmp eq i32 %37, 128 br i1 %38, label %81, label %39 %40 = icmp eq i64 %19, -1 br i1 %40, label %41, label %43 %44 = icmp ugt i64 %19, %36 br i1 %44, label %47, label %45 %48 = sub i64 %19, %36 %49 = load i64, i64* %20, align 8 %50 = icmp ugt i64 %49, %48 br i1 %50, label %51, label %52 store i64 %48, i64* %20, align 8 br label %52 %53 = phi i64 [ %42, %41 ], [ %48, %51 ], [ %49, %47 ] %54 = add i64 %53, %36 %55 = icmp ugt i64 %54, 2147483647 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 7 %58 = load i32, i32* %57, align 8 %59 = trunc i32 %58 to i16 %60 = icmp slt i16 %59, 0 br i1 %60, label %67, label %61, !prof !5, !misexpect !6 %62 = icmp ugt i64 %36, 2147483646 br i1 %62, label %81, label %63 %64 = sub nuw nsw i64 2147483647, %36 %65 = icmp ugt i64 %53, %64 br i1 %65, label %66, label %67 store i64 %64, i64* %20, align 8 br label %67 %68 = phi i64 [ %64, %66 ], [ %53, %63 ], [ %53, %52 ], [ %53, %56 ] %69 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 8 %70 = load %struct.super_block.100615*, %struct.super_block.100615** %69, align 8 %71 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = icmp sgt i64 %72, %36 br i1 %73, label %74, label %81, !prof !5, !misexpect !6 %75 = sub i64 %72, %36 %76 = icmp ugt i64 %68, %75 br i1 %76, label %77, label %78 %79 = phi i64 [ %68, %74 ], [ %75, %77 ] %80 = icmp sgt i64 %79, 0 br i1 %80, label %83, label %81 %84 = tail call i64 @__generic_file_write_iter(%struct.kiocb.100573* %0, %struct.iov_iter* %1) #70 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load 
%struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, 
align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, 
%struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast 
(i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ %36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 
%125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds 
%struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 
= icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = 
tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %5 = load %struct.file.133631*, %struct.file.133631** %4, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %5, i64 0, i32 19 %7 = load %struct.address_space.133508*, %struct.address_space.133508** %6, align 8 %8 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %7, i64 0, i32 0 %9 = load %struct.inode.133641*, %struct.inode.133641** %8, align 8 %10 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.133641, %struct.inode.133641* %9, i64 -1, i32 40 %14 = bitcast %struct.address_space.133508* %13 to %struct.block_device.133500* %15 = tail call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.133500*)*)(%struct.block_device.133500* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %59 %18 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %59, label %21 %22 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp sgt i64 %11, %23 br i1 %24, label %25, label %59 %26 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 4 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 132 %29 = icmp eq i32 %28, 128 br i1 %29, label %59, label %30 %31 = sub i64 %11, %23 %32 = icmp ugt i64 %19, %31 br i1 %32, label %33, label %35 %34 
= sub i64 %19, %31 store i64 %31, i64* %18, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ 0, %30 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %37 = call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* 
%5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 
%60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds 
%struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.124077*, i32)* @inode_permission to i32 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %233 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 br i1 %58, label %59, label %62 %63 = and i32 %9, 256 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %68 %69 = and i32 %9, 16384 %70 = icmp eq i32 %69, 0 br i1 %70, label %80, label %71 %81 = phi i32 [ 
%36, %68 ], [ %36, %74 ], [ %79, %76 ] %82 = phi i32 [ %9, %68 ], [ %9, %74 ], [ %78, %76 ] %83 = and i32 %82, 6144 %84 = icmp eq i32 %83, 0 %85 = icmp eq i32 %81, 0 %86 = or i1 %84, %85 br i1 %86, label %88, label %87 %89 = and i32 %82, 2048 %90 = icmp eq i32 %89, 0 %91 = and i16 %7, 2048 %92 = icmp eq i16 %91, 0 %93 = or i1 %92, %90 br i1 %93, label %100, label %94 %101 = phi i32 [ %96, %94 ], [ %82, %88 ] %102 = and i32 %101, 4096 %103 = icmp ne i32 %102, 0 %104 = and i16 %7, 1032 %105 = icmp eq i16 %104, 1032 %106 = and i1 %105, %103 br i1 %106, label %107, label %123 %124 = phi i32 [ %120, %118 ], [ %101, %100 ] %125 = load i32, i32* %8, align 8 %126 = and i32 %125, -6145 %127 = icmp eq i32 %126, 0 br i1 %127, label %233, label %128 %129 = and i32 %124, 2 %130 = icmp eq i32 %129, 0 br i1 %130, label %135, label %131 %132 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %133 = load i32, i32* %132, align 8 %134 = icmp eq i32 %133, -1 br i1 %134, label %233, label %135 %136 = and i32 %124, 4 %137 = icmp eq i32 %136, 0 br i1 %137, label %142, label %138 %139 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %140 = load i32, i32* %139, align 4 %141 = icmp eq i32 %140, -1 br i1 %141, label %233, label %142 br i1 %130, label %143, label %147 %144 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 2, i32 0 %145 = load i32, i32* %144, align 4 %146 = icmp eq i32 %145, -1 br i1 %146, label %233, label %147 br i1 %137, label %148, label %152 %149 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 3, i32 0 %150 = load i32, i32* %149, align 8 %151 = icmp eq i32 %150, -1 br i1 %151, label %233, label %152 %153 = tail call i32 bitcast (i32 (%struct.dentry.229191*, %struct.iattr.229193*)* @security_inode_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 
%154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %233 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %156 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 39 %157 = load %struct.file_lock_context*, %struct.file_lock_context** %156, align 8 %158 = icmp eq %struct.file_lock_context* %157, null br i1 %158, label %176, label %159 %177 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 7 %178 = load %struct.inode_operations.126749*, %struct.inode_operations.126749** %177, align 8 %179 = getelementptr inbounds %struct.inode_operations.126749, %struct.inode_operations.126749* %178, i64 0, i32 13 %180 = bitcast {}** %179 to i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %181 = load i32 (%struct.dentry.126744*, %struct.iattr.126855*)*, i32 (%struct.dentry.126744*, %struct.iattr.126855*)** %180, align 8 %182 = icmp eq i32 (%struct.dentry.126744*, %struct.iattr.126855*)* %181, null br i1 %182, label %185, label %183 %186 = tail call i32 bitcast (i32 (%struct.dentry.129187*, %struct.iattr.129176*)* @simple_setattr to i32 (%struct.dentry.126744*, %struct.iattr.126855*)*)(%struct.dentry.126744* %0, %struct.iattr.126855* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %0, i64 0, i32 5 %4 = load %struct.inode.129184*, %struct.inode.129184** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.129187*, %struct.iattr.129176*)*)(%struct.dentry.129187* %0, %struct.iattr.129176* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and 
i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = 
load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc 
!4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, 
i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %0, i64 0, i32 5 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.146668*, %struct.iattr.146670*)*)(%struct.dentry.146668* %0, %struct.iattr.146670* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 
%15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 
%76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* 
%108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, %struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 
%39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 
= tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, %struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call 
%struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, 
label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %0, i64 0, i32 5 %4 = load %struct.inode.105188*, 
%struct.inode.105188** %3, align 8 %5 = getelementptr %struct.inode.105188, %struct.inode.105188* %4, i64 -1, i32 40, i32 8 %6 = bitcast %struct.address_space_operations.105048** %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*)* @setattr_prepare to i32 (%struct.dentry.105192*, %struct.iattr.104780*)*)(%struct.dentry.105192* %0, %struct.iattr.104780* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %4 = load %struct.inode.126756*, %struct.inode.126756** %3, align 8 %5 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %46, i64 
0, i32 78 %48 = load %struct.cred.126671*, %struct.cred.126671** %47, align 16 %49 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.126854* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.126854** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.126854**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.126854, %struct.task_struct.126854* %73, i64 0, i32 78 %75 = load %struct.cred.126671*, %struct.cred.126671** %74, align 16 %76 = getelementptr inbounds %struct.cred.126671, %struct.cred.126671* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.39644*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.126756*, i32)*)(%struct.inode.126756* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %92 = load 
i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 8 %96 = load %struct.super_block.126741*, %struct.super_block.126741** %95, align 8 %97 = getelementptr inbounds %struct.super_block.126741, %struct.super_block.126741* %96, i64 0, i32 44 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 generic_file_write_iter ------------- Path:  Function:generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds 
%struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 24 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %9) #69 %10 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 19 %12 = load %struct.address_space.100583*, %struct.address_space.100583** %11, align 8 %13 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %12, i64 0, i32 0 %14 = load %struct.inode.100633*, %struct.inode.100633** %13, align 8 %15 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %15, i64 0, i32 86 %17 = load %struct.signal_struct.100439*, %struct.signal_struct.100439** %16, align 64 %18 = getelementptr %struct.signal_struct.100439, %struct.signal_struct.100439* %17, i64 0, i32 50, i64 1, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %81, label %23 %24 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %31 %32 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 store i64 %33, 
i64* %34, align 8 br label %35 %36 = phi i64 [ %30, %28 ], [ %33, %31 ] %37 = and i32 %25, 132 %38 = icmp eq i32 %37, 128 br i1 %38, label %81, label %39 %40 = icmp eq i64 %19, -1 br i1 %40, label %41, label %43 %44 = icmp ugt i64 %19, %36 br i1 %44, label %47, label %45 %48 = sub i64 %19, %36 %49 = load i64, i64* %20, align 8 %50 = icmp ugt i64 %49, %48 br i1 %50, label %51, label %52 store i64 %48, i64* %20, align 8 br label %52 %53 = phi i64 [ %42, %41 ], [ %48, %51 ], [ %49, %47 ] %54 = add i64 %53, %36 %55 = icmp ugt i64 %54, 2147483647 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %10, i64 0, i32 7 %58 = load i32, i32* %57, align 8 %59 = trunc i32 %58 to i16 %60 = icmp slt i16 %59, 0 br i1 %60, label %67, label %61, !prof !5, !misexpect !6 %62 = icmp ugt i64 %36, 2147483646 br i1 %62, label %81, label %63 %64 = sub nuw nsw i64 2147483647, %36 %65 = icmp ugt i64 %53, %64 br i1 %65, label %66, label %67 store i64 %64, i64* %20, align 8 br label %67 %68 = phi i64 [ %64, %66 ], [ %53, %63 ], [ %53, %52 ], [ %53, %56 ] %69 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %14, i64 0, i32 8 %70 = load %struct.super_block.100615*, %struct.super_block.100615** %69, align 8 %71 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = icmp sgt i64 %72, %36 br i1 %73, label %74, label %81, !prof !5, !misexpect !6 %75 = sub i64 %72, %36 %76 = icmp ugt i64 %68, %75 br i1 %76, label %77, label %78 %79 = phi i64 [ %68, %74 ], [ %75, %77 ] %80 = icmp sgt i64 %79, 0 br i1 %80, label %83, label %81 %84 = tail call i64 @__generic_file_write_iter(%struct.kiocb.100573* %0, %struct.iov_iter* %1) #70 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds 
%struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds 
%struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, 
%struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 
(%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %5 = load %struct.file.133631*, %struct.file.133631** %4, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %5, i64 0, i32 19 %7 = load %struct.address_space.133508*, %struct.address_space.133508** %6, align 8 %8 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %7, i64 0, i32 0 %9 = load %struct.inode.133641*, %struct.inode.133641** %8, align 8 %10 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.133641, %struct.inode.133641* %9, i64 -1, i32 40 %14 = bitcast %struct.address_space.133508* %13 to %struct.block_device.133500* %15 = tail call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.133500*)*)(%struct.block_device.133500* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %59 %18 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %59, label %21 %22 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp sgt i64 %11, %23 br i1 %24, label %25, label %59 %26 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 4 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 132 %29 = icmp eq i32 %28, 128 br i1 %29, label %59, label %30 %31 = sub i64 %11, %23 %32 = icmp ugt i64 %19, %31 br i1 %32, label %33, label %35 %34 = sub i64 %19, %31 store i64 %31, 
i64* %18, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ 0, %30 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %37 = call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %4 = load %struct.file.100641*, %struct.file.100641** %3, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %4, i64 0, i32 19 %6 = load %struct.address_space.100583*, %struct.address_space.100583** %5, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %6, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = icmp eq %struct.inode.100633* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.100513* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %24, i64 0, i32 112 store %struct.backing_dev_info.100513* %23, %struct.backing_dev_info.100513** %25, align 32 %26 = tail call i32 bitcast (i32 (%struct.file.126489*)* @file_remove_privs to i32 (%struct.file.100641*)*)(%struct.file.100641* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.126526, align 8 %3 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.126524*, %struct.dentry.126524** %3, align 8 %5 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 
67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.126524* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.126489, %struct.file.126489* %0, i64 0, i32 2 %20 = load %struct.inode.126536*, %struct.inode.126536** %19, align 8 %21 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %18, i64 0, i32 5 %32 = load %struct.inode.126536*, %struct.inode.126536** %31, align 8 %33 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.229191*)* @security_inode_need_killpriv to i32 (%struct.dentry.126524*)*)(%struct.dentry.126524* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, 
label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.126526* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.126526, %struct.iattr.126526* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.126744*, %struct.iattr.126855*, %struct.inode.126756**)* @notify_change to i32 (%struct.dentry.126524*, %struct.iattr.126526*, %struct.inode.126536**)*)(%struct.dentry.126524* %18, %struct.iattr.126526* nonnull %2, %struct.inode.126536** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.126744, %struct.dentry.126744* %0, i64 0, i32 5 %5 = load %struct.inode.126756*, %struct.inode.126756** %4, align 8 %6 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.126855, %struct.iattr.126855* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.14486, i64 0, i64 0), i32 236, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 85) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* 
%5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %233 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.126756, %struct.inode.126756* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %233 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.126756*)*)(%struct.inode.126756* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 do_compat_fcntl64 2 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.compat_flock, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.compat_flock, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.compat_flock, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.124204* %14 = bitcast %struct.flock* %10 to i8* %15 = icmp eq i64 %12, 0 br i1 %15, label %183, label %16 %17 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %13, i64 0, i32 8 %18 = load i32, i32* %17, align 4 
%19 = and i32 %18, 16384 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21, !prof !4, !misexpect !5 switch i32 %1, label %178 [ i32 0, label %22 i32 1030, label %22 i32 1, label %22 i32 2, label %22 i32 3, label %22 ] %23 = zext i32 %2 to i64 %24 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_fcntl to i32 (%struct.file.124204*, i32, i64)*)(%struct.file.124204* nonnull %13, i32 %1, i64 %23) #69 %25 = sext i32 %24 to i64 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %178 switch i32 %1, label %176 [ i32 5, label %28 i32 12, label %78 i32 36, label %78 i32 6, label %122 i32 7, label %122 i32 13, label %148 i32 14, label %148 i32 37, label %148 i32 38, label %148 ] %177 = tail call fastcc i64 @do_fcntl(i32 %0, i32 %1, i64 %23, %struct.file.124204* nonnull %13) #70 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %285 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %142 i32 15, label %171 i32 1038, label %235 i32 11, label %213 i32 10, label %217 i32 1025, label %222 i32 1024, label %225 i32 1026, label %228 i32 1031, label %231 i32 1032, label %231 i32 1033, label %233 i32 1034, label %233 i32 1035, label %235 i32 1036, label %235 i32 1037, label %235 ] %30 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 2 %31 = load %struct.inode.124363*, %struct.inode.124363** %30, align 8 %32 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 
0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.124363, %struct.inode.124363* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.124363*)*)(%struct.inode.124363* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 do_compat_fcntl64 2 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.compat_flock, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.compat_flock, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.compat_flock, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.124204* %14 = bitcast %struct.flock* %10 to i8* %15 = icmp eq i64 %12, 0 br i1 %15, label %183, label %16 %17 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %13, i64 0, i32 8 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 16384 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21, !prof !4, !misexpect !5 switch i32 %1, label %178 [ i32 0, label %22 i32 
1030, label %22 i32 1, label %22 i32 2, label %22 i32 3, label %22 ] %23 = zext i32 %2 to i64 %24 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_fcntl to i32 (%struct.file.124204*, i32, i64)*)(%struct.file.124204* nonnull %13, i32 %1, i64 %23) #69 %25 = sext i32 %24 to i64 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %178 switch i32 %1, label %176 [ i32 5, label %28 i32 12, label %78 i32 36, label %78 i32 6, label %122 i32 7, label %122 i32 13, label %148 i32 14, label %148 i32 37, label %148 i32 38, label %148 ] %177 = tail call fastcc i64 @do_fcntl(i32 %0, i32 %1, i64 %23, %struct.file.124204* nonnull %13) #70 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %285 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %142 i32 15, label %171 i32 1038, label %235 i32 11, label %213 i32 10, label %217 i32 1025, label %222 i32 1024, label %225 i32 1026, label %228 i32 1031, label %231 i32 1032, label %231 i32 1033, label %233 i32 1034, label %233 i32 1035, label %235 i32 1036, label %235 i32 1037, label %235 ] %30 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 2 %31 = load %struct.inode.124363*, %struct.inode.124363** %30, align 8 %32 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.124363, %struct.inode.124363* %31, i64 0, i32 4 %40 = load i32, i32* %39, 
align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.124363*)*)(%struct.inode.124363* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 __se_sys_fcntl 2 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.124204* %9 = icmp eq i64 %7, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %8, i64 0, i32 8 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 16384 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 switch i32 %5, label %22 [ i32 0, label %16 i32 1030, label %16 i32 1, label %16 i32 2, label %16 i32 3, label %16 ] %17 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_fcntl to i32 (%struct.file.124204*, i32, i64)*)(%struct.file.124204* nonnull %8, i32 %5, i64 %2) #69 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %22 %21 = tail call fastcc i64 @do_fcntl(i32 %4, i32 %5, i64 %2, %struct.file.124204* nonnull %8) #69 Function:do_fcntl %5 = alloca 
i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %285 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %142 i32 15, label %171 i32 1038, label %235 i32 11, label %213 i32 10, label %217 i32 1025, label %222 i32 1024, label %225 i32 1026, label %228 i32 1031, label %231 i32 1032, label %231 i32 1033, label %233 i32 1034, label %233 i32 1035, label %235 i32 1036, label %235 i32 1037, label %235 ] %30 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 2 %31 = load %struct.inode.124363*, %struct.inode.124363** %30, align 8 %32 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.124363, %struct.inode.124363* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.124363*)*)(%struct.inode.124363* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 __se_sys_fcntl 2 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.124204* %9 = icmp eq i64 %7, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %8, i64 0, i32 8 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 16384 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 switch i32 %5, label %22 [ i32 0, label %16 i32 1030, label %16 i32 1, label %16 i32 2, label %16 i32 3, label %16 ] %17 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_fcntl to i32 (%struct.file.124204*, i32, i64)*)(%struct.file.124204* nonnull %8, i32 %5, i64 %2) #69 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %22 %21 = tail call fastcc i64 @do_fcntl(i32 %4, i32 %5, i64 %2, %struct.file.124204* nonnull %8) #69 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %285 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %142 i32 15, label %171 i32 1038, label %235 i32 11, label %213 i32 10, label %217 i32 1025, label %222 i32 1024, label %225 i32 1026, label %228 i32 1031, label %231 i32 1032, label %231 i32 1033, label %233 i32 1034, label %233 i32 1035, label %235 i32 1036, label %235 i32 1037, label 
%235 ] %30 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 2 %31 = load %struct.inode.124363*, %struct.inode.124363** %30, align 8 %32 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.124363, %struct.inode.124363* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.126536*)* @inode_owner_or_capable to i1 (%struct.inode.124363*)*)(%struct.inode.124363* %31) #69 ------------- Good: 49 Bad: 58 Ignored: 167 Check Use of Function:vfs_symlink Check Use of Function:swsusp_free Check Use of Function:_dev_notice Check Use of Function:vfs_mkdir Check Use of Function:ipip6_tunnel_update Check Use of Function:vfs_mknod Check Use of Function:finish_open Check Use of Function:mmc_ioctl_cdrom_subchannel Check Use of Function:sr_reset Check Use of Function:delete_partition Check Use of Function:mmc_ioctl_dvd_read_struct Check Use of Function:vfs_tmpfile Check Use of Function:pci_enable_device Check Use of Function:netlink_ack Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff.224955* %0, i32 (%struct.sk_buff.224955*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #69 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %0, i64 0, i32 7 %6 = load i32, i32* 
%5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %0, i64 0, i32 39 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff.224955* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #69 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff.224955* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #70 ------------- Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff.224955*, i32 (%struct.sk_buff.224955*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.592043*, i32 (%struct.sk_buff.592043*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.592043* %0, i32 (%struct.sk_buff.592043*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull 
@rtnetlink_rcv_msg) #69 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %0, i64 0, i32 39 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff.224955* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #69 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff.224955* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #70 ------------- Good: 15 Bad: 2 Ignored: 10 Check Use of Function:path_lookupat Check Use of Function:freeary Check Use of Function:freeque Check Use of Function:security_msg_queue_msgctl Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 
__ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %79 = inttoptr i64 %15 to i8* %80 = tail call i64 @compat_ksys_msgctl(i32 %19, i32 %20, i8* %79) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds 
%struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %31 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %15, i32 %0, i32 %10, %struct.msqid64_ds* nonnull %6) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %24, i64 0, i32 96 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 32 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void 
@__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %31 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %15, i32 %0, i32 %10, 
%struct.msqid64_ds* nonnull %6) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %24, i64 0, i32 96 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 32 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 ksys_msgctl 2 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 
4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.msqid_ds* %12 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %11) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %28 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %24, i64 0, i32 96 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 32 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 ksys_msgctl 2 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to %struct.msqid_ds** %8 = load %struct.msqid_ds*, %struct.msqid_ds** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %8) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load 
%struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %28 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %24, i64 0, i32 96 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 32 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 
msgctl_info 1 compat_ksys_msgctl 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %79 = inttoptr i64 %15 to i8* %80 = tail call i64 @compat_ksys_msgctl(i32 %19, i32 %20, i8* %79) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %12 = 
getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %20 = bitcast %struct.msginfo* %7 to i8* %21 = call fastcc i32 @msgctl_info(%struct.ipc_namespace* %15, i32 %10, %struct.msginfo* nonnull %7) #69 Function:msgctl_info %4 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_info 1 compat_ksys_msgctl 2 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11) #69 Function:compat_ksys_msgctl %4 = alloca %struct.compat_msqid64_ds, align 4 %5 = alloca %struct.compat_msqid_ds, align 4 %6 = alloca %struct.msqid64_ds, align 8 %7 = alloca %struct.msginfo, align 4 %8 = bitcast %struct.msqid64_ds* %6 to i8* %9 = and i32 %1, 256 %10 = and i32 %1, -257 %11 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.46154**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %11, i64 0, i32 85 %13 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = or i32 %1, %0 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %169 switch i32 %10, label %169 [ i32 3, label %19 i32 12, label %19 i32 2, label %30 i32 11, label %30 i32 13, label %30 i32 1, label %124 i32 0, label %166 ] %20 = bitcast %struct.msginfo* %7 to i8* %21 = call fastcc i32 @msgctl_info(%struct.ipc_namespace* %15, i32 %10, %struct.msginfo* nonnull %7) #69 Function:msgctl_info %4 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_info 1 ksys_msgctl 2 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.msqid_ds* %12 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %11) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc 
!4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %16 = bitcast %struct.msginfo* %5 to i8* %17 = call fastcc i32 @msgctl_info(%struct.ipc_namespace* %14, i32 %1, %struct.msginfo* nonnull %5) #69 Function:msgctl_info %4 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_info 1 ksys_msgctl 2 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to %struct.msqid_ds** %8 = load %struct.msqid_ds*, %struct.msqid_ds** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @ksys_msgctl(i32 %9, i32 %10, %struct.msqid_ds* %8) #69 Function:ksys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = bitcast %struct.msqid64_ds* %4 to i8* %7 = or i32 %1, %0 %8 = icmp sgt i32 %7, -1 br i1 %8, label %9, label %52 %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load 
%struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 switch i32 %1, label %52 [ i32 3, label %15 i32 12, label %15 i32 11, label %27 i32 13, label %27 i32 2, label %27 i32 1, label %38 i32 0, label %49 ] %16 = bitcast %struct.msginfo* %5 to i8* %17 = call fastcc i32 @msgctl_info(%struct.ipc_namespace* %14, i32 %1, %struct.msginfo* nonnull %5) #69 Function:msgctl_info %4 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Good: 1 Bad: 8 Ignored: 0 Check Use of Function:may_delete Check Use of Function:netlink_rcv_skb Use: =BAD PATH= Call Stack: 0 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff.224955* %0, i32 (%struct.sk_buff.224955*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #69 ------------- Use: =BAD PATH= Call Stack: 0 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff.224955*, i32 (%struct.sk_buff.224955*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.592043*, i32 (%struct.sk_buff.592043*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.592043* %0, i32 (%struct.sk_buff.592043*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #69 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:nd_jump_link Check Use of Function:ihold Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} 
\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 8 %37 = load %struct.super_block.720*, %struct.super_block.720** %36, align 8 %38 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %37, i64 0, i32 30 %39 = bitcast i8** %38 to %struct.nfs_server.178497** %40 = load %struct.nfs_server.178497*, %struct.nfs_server.178497** %39, align 64 %41 = getelementptr inbounds %struct.nfs_server.178497, %struct.nfs_server.178497* %40, i64 0, i32 0 %42 = load %struct.nfs_client.178492*, %struct.nfs_client.178492** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.178492, %struct.nfs_client.178492* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.178474*, %struct.nfs_rpc_ops.178474** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.178474, %struct.nfs_rpc_ops.178474* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)*, i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %2, i64 0, i32 4 %48 = tail call i32 
%46(%struct.inode.733* %5, %struct.inode.733* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.126536*)* @ihold to void (%struct.inode.733*)*)(%struct.inode.733* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 8 %37 = load %struct.super_block.720*, %struct.super_block.720** %36, align 8 %38 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %37, i64 0, i32 30 %39 = bitcast i8** %38 to %struct.nfs_server.178497** %40 = load %struct.nfs_server.178497*, %struct.nfs_server.178497** %39, align 64 %41 = getelementptr inbounds %struct.nfs_server.178497, 
%struct.nfs_server.178497* %40, i64 0, i32 0 %42 = load %struct.nfs_client.178492*, %struct.nfs_client.178492** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.178492, %struct.nfs_client.178492* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.178474*, %struct.nfs_rpc_ops.178474** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.178474, %struct.nfs_rpc_ops.178474* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)*, i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.733* %5, %struct.inode.733* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.126536*)* @ihold to void (%struct.inode.733*)*)(%struct.inode.733* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.126033*)* @d_drop to void (%struct.dentry.734*)*)(%struct.dentry.734* %2) #69 %29 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq 
i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.180634*)* @nfs_sync_inode to i32 (%struct.inode.733*)*)(%struct.inode.733* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 8 %37 = load %struct.super_block.720*, %struct.super_block.720** %36, align 8 %38 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %37, i64 0, i32 30 %39 = bitcast i8** %38 to %struct.nfs_server.178497** %40 = load %struct.nfs_server.178497*, %struct.nfs_server.178497** %39, align 64 %41 = getelementptr inbounds %struct.nfs_server.178497, %struct.nfs_server.178497* %40, i64 0, i32 0 %42 = load %struct.nfs_client.178492*, %struct.nfs_client.178492** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.178492, %struct.nfs_client.178492* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.178474*, %struct.nfs_rpc_ops.178474** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.178474, %struct.nfs_rpc_ops.178474* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)*, i32 (%struct.inode.733*, %struct.inode.733*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.733* %5, %struct.inode.733* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.126536*)* @ihold to void (%struct.inode.733*)*)(%struct.inode.733* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 bd_acquire 1 blkdev_open ------------- Path:  Function:blkdev_open %3 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = or i32 %4, 32768 store i32 %5, i32* %3, align 8 %6 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %1, i64 0, i32 8 %7 = load i32, i32* %6, align 4 %8 = and i32 %4, 2048 %9 = icmp eq i32 
%8, 0 %10 = select i1 %9, i32 134217728, i32 134217792 %11 = or i32 %10, %7 %12 = and i32 %4, 128 %13 = or i32 %12, %11 %14 = and i32 %4, 3 %15 = icmp eq i32 %14, 3 %16 = or i32 %13, 256 %17 = select i1 %15, i32 %16, i32 %13 store i32 %17, i32* %6, align 4 %18 = tail call fastcc %struct.block_device.133500* @bd_acquire(%struct.inode.133641* %0) #69 Function:bd_acquire tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @bdev_lock, i64 0, i32 0, i32 0)) #69 %2 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %0, i64 0, i32 42 %3 = bitcast %union.anon.79* %2 to %struct.block_device.133500** %4 = load %struct.block_device.133500*, %struct.block_device.133500** %3, align 8 %5 = icmp eq %struct.block_device.133500* %4, null br i1 %5, label %28, label %6 %7 = getelementptr inbounds %struct.block_device.133500, %struct.block_device.133500* %4, i64 0, i32 2 %8 = load %struct.inode.133641*, %struct.inode.133641** %7, align 8 %9 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %8, i64 0, i32 27, i32 1 %10 = load %struct.hlist_node**, %struct.hlist_node*** %9, align 8 %11 = icmp eq %struct.hlist_node** %10, null br i1 %11, label %13, label %12 tail call void bitcast (void (%struct.inode.126536*)* @ihold to void (%struct.inode.133641*)*)(%struct.inode.133641* %8) #69 ------------- Good: 23 Bad: 4 Ignored: 9 Check Use of Function:create_new_namespaces Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail 
call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %6 = tail call %struct.file.45918* bitcast (%struct.file.132813* (i32)* @proc_ns_fget to %struct.file.45918* (i32)*)(i32 %3) #69 %7 = icmp ugt %struct.file.45918* %6, inttoptr (i64 -4096 to %struct.file.45918*) br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.file.45918, %struct.file.45918* %6, i64 0, i32 2 %12 = load %struct.inode.46070*, %struct.inode.46070** %11, align 8 %13 = getelementptr inbounds %struct.inode.46070, %struct.inode.46070* %12, i64 0, i32 46 %14 = bitcast i8** %13 to %struct.ns_common.45913** %15 = load %struct.ns_common.45913*, %struct.ns_common.45913** %14, align 8 %16 = icmp eq i32 %4, 0 br i1 %16, label %23, label %17 %18 = getelementptr inbounds %struct.ns_common.45913, %struct.ns_common.45913* %15, i64 0, i32 1 %19 = load %struct.proc_ns_operations.45912*, %struct.proc_ns_operations.45912** %18, align 8 %20 = getelementptr inbounds %struct.proc_ns_operations.45912, %struct.proc_ns_operations.45912* %19, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %4 br i1 %22, label %23, label %54 %24 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %5, i64 0, i32 83 %25 = load %struct.fs_struct*, %struct.fs_struct** %24, align 8 %26 = tail call fastcc %struct.nsproxy.45911* @create_new_namespaces(i64 0, %struct.task_struct.46154* %5, %struct.user_namespace.45914* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, %struct.kuid_t, %struct.user_namespace.44040*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common.44028, i64, %struct.work_struct, %struct.ctl_table_set, 
%struct.ctl_table_header*, %struct.ucounts.44039*, [9 x i32] }* @init_user_ns to %struct.user_namespace.45914*), %struct.fs_struct* %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %6 = tail call %struct.file.45918* bitcast (%struct.file.132813* (i32)* @proc_ns_fget to %struct.file.45918* (i32)*)(i32 %3) #69 %7 = icmp ugt %struct.file.45918* %6, inttoptr (i64 -4096 to %struct.file.45918*) br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.file.45918, %struct.file.45918* %6, i64 0, i32 2 %12 = load %struct.inode.46070*, %struct.inode.46070** %11, align 8 %13 = getelementptr inbounds %struct.inode.46070, %struct.inode.46070* %12, i64 0, i32 46 %14 = bitcast i8** %13 to %struct.ns_common.45913** %15 = load %struct.ns_common.45913*, %struct.ns_common.45913** %14, align 8 %16 = icmp eq i32 %4, 0 br i1 %16, label %23, label %17 %18 = getelementptr inbounds %struct.ns_common.45913, %struct.ns_common.45913* %15, i64 0, i32 1 %19 = load %struct.proc_ns_operations.45912*, %struct.proc_ns_operations.45912** %18, align 8 %20 = getelementptr inbounds %struct.proc_ns_operations.45912, %struct.proc_ns_operations.45912* %19, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %4 br i1 %22, label %23, label %54 %24 = getelementptr inbounds %struct.task_struct.46154, 
%struct.task_struct.46154* %5, i64 0, i32 83 %25 = load %struct.fs_struct*, %struct.fs_struct** %24, align 8 %26 = tail call fastcc %struct.nsproxy.45911* @create_new_namespaces(i64 0, %struct.task_struct.46154* %5, %struct.user_namespace.45914* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.exception_table_entry], [4 x i8] } }, %struct.kuid_t, %struct.user_namespace.44040*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common.44028, i64, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts.44039*, [9 x i32] }* @init_user_ns to %struct.user_namespace.45914*), %struct.fs_struct* %25) #69 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:__tcf_chain_put Check Use of Function:tcf_fill_node Check Use of Function:rtnetlink_send Check Use of Function:tc_chain_fill_node Check Use of Function:qdisc_put Check Use of Function:shmem_unlink Use: =BAD PATH= Call Stack: 0 shmem_rename2 ------------- Path:  Function:shmem_rename2 %6 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %1, i64 0, i32 5 %7 = load %struct.inode.105188*, %struct.inode.105188** %6, align 8 %8 = getelementptr inbounds %struct.inode.105188, %struct.inode.105188* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = icmp ult i32 %4, 8 br i1 %12, label %13, label %100 %14 = and i32 %4, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %52, label %16 %53 = tail call i32 bitcast (i32 (%struct.dentry.129187*)* @simple_empty to i32 (%struct.dentry.105192*)*)(%struct.dentry.105192* %3) #69 %54 = icmp eq i32 %53, 0 br i1 %54, label %100, label %55 %56 = and i32 %4, 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %68, label %58 %59 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %1, i64 0, i32 3 %60 = load %struct.dentry.105192*, 
%struct.dentry.105192** %59, align 8 %61 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %1, i64 0, i32 4 %62 = tail call %struct.dentry.105192* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.105192* (%struct.dentry.105192*, %struct.qstr*)*)(%struct.dentry.105192* %60, %struct.qstr* %61) #69 %63 = icmp eq %struct.dentry.105192* %62, null br i1 %63, label %100, label %64 %65 = tail call i32 @shmem_mknod(%struct.inode.105188* %0, %struct.dentry.105192* nonnull %62, i16 zeroext 8192, i32 0) #69 tail call void bitcast (void (%struct.dentry.126033*)* @dput to void (%struct.dentry.105192*)*)(%struct.dentry.105192* nonnull %62) #69 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %100 tail call void bitcast (void (%struct.dentry.126033*)* @d_rehash to void (%struct.dentry.105192*)*)(%struct.dentry.105192* nonnull %62) #69 br label %68 %69 = getelementptr inbounds %struct.dentry.105192, %struct.dentry.105192* %3, i64 0, i32 5 %70 = load %struct.inode.105188*, %struct.inode.105188** %69, align 8 %71 = icmp eq %struct.inode.105188* %70, null br i1 %71, label %76, label %72 %73 = tail call i32 @shmem_unlink(%struct.inode.105188* %2, %struct.dentry.105192* %3) #70 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:qdisc_notify Check Use of Function:is_subdir Check Use of Function:nla_strcmp Check Use of Function:ktime_add_safe Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_futex ------------- Path:  Function:__ia32_compat_sys_futex %2 = alloca %struct.anon.48, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = inttoptr i64 %6 to i32* %20 = trunc i64 %8 to i32 %21 = trunc i64 %10 to i32 %22 = inttoptr i64 %16 to i32* %23 = trunc i64 %18 to i32 %24 = bitcast %struct.anon.48* %2 to i8* %25 = bitcast i64* %3 to i8* %26 = and i32 %20, -385 %27 = icmp eq i64 %13, 0 br i1 %27, label %56, label %28 %29 = icmp eq i32 %26, 0 %30 = icmp eq i32 %26, 6 %31 = or i1 %29, %30 %32 = and i32 %20, -387 %33 = icmp eq i32 %32, 9 %34 = or i1 %33, %31 br i1 %34, label %35, label %56 %36 = inttoptr i64 %13 to i8* %37 = call i32 @compat_get_timespec(%struct.anon.48* nonnull %2, i8* nonnull %36) #69 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %64 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %64, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ult i64 %45, 1000000000 br i1 %46, label %47, label %64 %48 = icmp sgt i64 %41, 9223372035 %49 = mul i64 %41, 1000000000 %50 = add i64 %45, %49 %51 = select i1 %48, i64 9223372036854775807, i64 %50, !prof !4 store i64 %51, i64* %3, align 8 br i1 %29, label %52, label %56 %53 = call i64 @ktime_get() #69 %54 = load i64, i64* %3, align 8 %55 = call i64 @ktime_add_safe(i64 %53, i64 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof 
!4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds 
%struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __ia32_compat_sys_futex ------------- Path:  Function:__ia32_compat_sys_futex %2 = alloca %struct.anon.48, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = inttoptr i64 %6 to i32* %20 = trunc i64 %8 to i32 %21 = trunc i64 %10 to i32 %22 = inttoptr i64 %16 to i32* %23 = trunc i64 %18 to i32 %24 = bitcast %struct.anon.48* %2 to i8* %25 = bitcast i64* %3 to i8* %26 = and i32 %20, -385 %27 = icmp eq i64 %13, 0 br i1 %27, label %56, label %28 %29 = icmp eq i32 %26, 0 %30 = icmp eq i32 %26, 6 %31 = or i1 %29, %30 %32 = and i32 %20, -387 %33 = icmp eq i32 %32, 9 %34 = or i1 %33, %31 br i1 %34, label %35, label %56 %36 = inttoptr i64 %13 to i8* %37 = call i32 
@compat_get_timespec(%struct.anon.48* nonnull %2, i8* nonnull %36) #69 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %64 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %64, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ult i64 %45, 1000000000 br i1 %46, label %47, label %64 %48 = icmp sgt i64 %41, 9223372035 %49 = mul i64 %41, 1000000000 %50 = add i64 %45, %49 %51 = select i1 %48, i64 9223372036854775807, i64 %50, !prof !4 store i64 %51, i64* %3, align 8 br i1 %29, label %52, label %56 %57 = phi i64* [ null, %28 ], [ null, %1 ], [ %3, %47 ] switch i32 %26, label %60 [ i32 12, label %58 i32 5, label %58 i32 4, label %58 i32 3, label %58 ] %59 = trunc i64 %12 to i32 br label %60 %61 = phi i64* [ %57, %58 ], [ %57, %56 ], [ %3, %52 ] %62 = phi i32 [ %59, %58 ], [ 0, %56 ], [ 0, %52 ] %63 = call i64 @do_futex(i32* %19, i32 %20, i32 %21, i64* %61, i32* %22, i32 %62, i32 %23) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label 
%32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.78091, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.78091* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %129, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = icmp eq i64* %3, null br i1 %15, label %28, label %16 %17 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0 %18 = lshr i32 %1, 1 %19 = and i32 %18, 1 %20 = xor i32 %19, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %20, i32 0) #69 %21 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !4 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %6, %struct.task_struct.78089* %21) #69 %22 = load i64, i64* %3, align 8 %23 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %21, i64 0, i32 150 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0, i32 1 store i64 %22, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %22, i64 %24) #69 ------------- Use: =BAD PATH= Call 
Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca 
%struct.hrtimer_sleeper.78091, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.78091* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %129, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = icmp eq i64* %3, null br i1 %15, label %28, label %16 %17 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0 %18 = lshr i32 %1, 1 %19 = and i32 %18, 1 %20 = xor i32 %19, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %20, i32 0) #69 %21 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !4 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %6, %struct.task_struct.78089* %21) #69 %22 = load i64, i64* %3, align 8 %23 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %21, i64 0, i32 150 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0, i32 1 store i64 %22, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %22, i64 %24) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label 
%50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.78091, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.78091* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %129, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = icmp eq i64* %3, null br i1 %15, label %28, label %16 %17 = getelementptr inbounds 
%struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0 %18 = lshr i32 %1, 1 %19 = and i32 %18, 1 %20 = xor i32 %19, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %20, i32 0) #69 %21 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !4 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %6, %struct.task_struct.78089* %21) #69 %22 = load i64, i64* %3, align 8 %23 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %21, i64 0, i32 150 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %6, i64 0, i32 0, i32 1 store i64 %22, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %22, i64 %24) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __ia32_compat_sys_futex ------------- Path:  Function:__ia32_compat_sys_futex %2 = alloca %struct.anon.48, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 4 %18 = load i64, i64* %17, align 8 %19 = inttoptr i64 %6 to i32* %20 = trunc i64 %8 to i32 %21 = trunc i64 %10 to i32 %22 = inttoptr i64 %16 to i32* %23 = trunc i64 %18 to i32 %24 = bitcast %struct.anon.48* %2 to i8* %25 = bitcast i64* %3 to i8* %26 = and i32 %20, -385 %27 = icmp eq i64 %13, 0 br i1 %27, label %56, label %28 %29 = icmp eq i32 %26, 0 %30 = icmp eq i32 %26, 6 %31 = or i1 %29, %30 %32 = and i32 %20, -387 %33 = icmp eq i32 %32, 9 %34 = or i1 %33, %31 br i1 %34, label %35, label %56 %36 = inttoptr i64 %13 to i8* %37 = call i32 @compat_get_timespec(%struct.anon.48* nonnull %2, i8* nonnull %36) #69 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %64 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp slt i64 %41, 0 br i1 %42, label %64, label %43 %44 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %45 = load i64, i64* %44, align 8 %46 = icmp ult i64 %45, 1000000000 br i1 %46, label %47, label %64 %48 = icmp sgt i64 %41, 9223372035 %49 = mul i64 %41, 1000000000 %50 = add i64 %45, %49 %51 = select i1 %48, i64 9223372036854775807, i64 %50, !prof !4 store i64 %51, i64* %3, align 8 br i1 %29, label %52, label %56 %57 = phi i64* [ null, %28 ], [ null, %1 ], [ %3, %47 ] switch i32 %26, label %60 [ i32 12, label %58 i32 5, label %58 i32 4, label %58 i32 3, label %58 ] %59 = trunc i64 %12 to i32 br label %60 %61 = phi i64* [ %57, %58 ], [ %57, %56 ], [ %3, %52 ] %62 = phi i32 [ %59, %58 ], [ 0, %56 ], [ 0, %52 ] %63 = call i64 @do_futex(i32* %19, i32 %20, i32 %21, i64* %61, i32* %22, i32 %62, i32 %23) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], 
align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1015 switch i32 %20, label %1015 [ i32 12, label %1012 i32 9, label %36 i32 11, label %796 i32 10, label %41 i32 8, label %793 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %797 = bitcast %struct.hrtimer_sleeper.78091* %8 to i8* %798 = bitcast %struct.rt_mutex_waiter.78052* %9 to i8* %799 = bitcast %struct.futex_hash_bucket** %10 to i8* %800 = bitcast %union.futex_key* %11 to i8* %801 = bitcast %struct.futex_q* %12 to i8* %802 = icmp eq i32* %0, %4 br i1 %802, label %1009, label %803 %804 = icmp eq i64* %3, null br i1 %804, label %817, label %805 %806 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0 %807 = lshr i32 %31, 1 %808 = and i32 %807, 1 %809 = xor i32 %808, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %806, i32 %809, i32 0) #70 %810 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !6 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void 
(%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %8, %struct.task_struct.78089* %810) #70 %811 = load i64, i64* %3, align 8 %812 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %810, i64 0, i32 150 %813 = load i64, i64* %812, align 8 %814 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0, i32 1 store i64 %811, i64* %814, align 8 %815 = call i64 @ktime_add_safe(i64 %811, i64 %813) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp 
eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = 
or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1015 switch i32 %20, label %1015 [ i32 12, label %1012 i32 9, label %36 i32 11, label %796 i32 10, label %41 i32 8, label %793 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %797 = bitcast %struct.hrtimer_sleeper.78091* %8 to i8* %798 = bitcast %struct.rt_mutex_waiter.78052* %9 to i8* %799 = bitcast %struct.futex_hash_bucket** %10 to i8* %800 = bitcast %union.futex_key* %11 to i8* %801 = bitcast %struct.futex_q* %12 to i8* %802 = icmp eq i32* %0, %4 br i1 %802, label %1009, label %803 %804 = icmp eq i64* %3, null br i1 %804, label %817, label %805 %806 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0 %807 = lshr i32 %31, 1 %808 = and i32 %807, 1 %809 = xor i32 %808, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %806, i32 %809, i32 0) #70 %810 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !6 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %8, %struct.task_struct.78089* %810) #70 %811 = load i64, i64* %3, align 8 %812 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %810, i64 0, i32 150 %813 = load i64, i64* %812, align 8 %814 = getelementptr inbounds 
%struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0, i32 1 store i64 %811, i64* %814, align 8 %815 = call i64 @ktime_add_safe(i64 %811, i64 %813) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.48, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.48* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds 
%struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.78091, align 8 %9 = alloca %struct.rt_mutex_waiter.78052, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1015 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1015 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1015 switch i32 %20, label %1015 [ i32 12, label %1012 i32 9, label %36 
i32 11, label %796 i32 10, label %41 i32 8, label %793 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %797 = bitcast %struct.hrtimer_sleeper.78091* %8 to i8* %798 = bitcast %struct.rt_mutex_waiter.78052* %9 to i8* %799 = bitcast %struct.futex_hash_bucket** %10 to i8* %800 = bitcast %union.futex_key* %11 to i8* %801 = bitcast %struct.futex_q* %12 to i8* %802 = icmp eq i32* %0, %4 br i1 %802, label %1009, label %803 %804 = icmp eq i64* %3, null br i1 %804, label %817, label %805 %806 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0 %807 = lshr i32 %31, 1 %808 = and i32 %807, 1 %809 = xor i32 %808, 1 call void @hrtimer_init(%struct.hrtimer* nonnull %806, i32 %809, i32 0) #70 %810 = call %struct.task_struct.78089* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.78089** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.78089**)) #10, !srcloc !6 call void bitcast (void (%struct.hrtimer_sleeper.73470*, %struct.task_struct.50485*)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.78091*, %struct.task_struct.78089*)*)(%struct.hrtimer_sleeper.78091* nonnull %8, %struct.task_struct.78089* %810) #70 %811 = load i64, i64* %3, align 8 %812 = getelementptr inbounds %struct.task_struct.78089, %struct.task_struct.78089* %810, i64 0, i32 150 %813 = load i64, i64* %812, align 8 %814 = getelementptr inbounds %struct.hrtimer_sleeper.78091, %struct.hrtimer_sleeper.78091* %8, i64 0, i32 0, i32 1 store i64 %811, i64* %814, align 8 %815 = call i64 @ktime_add_safe(i64 %811, i64 %813) #70 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __ia32_compat_sys_timerfd_gettime ------------- Path:  Function:__ia32_compat_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.39652* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 3 %10 = load %struct.file_operations.39492*, %struct.file_operations.39492** %9, align 8 %11 = icmp eq %struct.file_operations.39492* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds 
%struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __ia32_sys_timerfd_gettime ------------- Path:  
Function:__ia32_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.39652* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 3 %10 = load %struct.file_operations.39492*, %struct.file_operations.39492** %9, align 8 %11 = icmp eq %struct.file_operations.39492* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = 
getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, 
%13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __x64_sys_timerfd_gettime ------------- Path:  Function:__x64_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.itimerspec64** %7 = load %struct.itimerspec64*, %struct.itimerspec64** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.39652* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 3 %10 = load %struct.file_operations.39492*, %struct.file_operations.39492** %9, align 8 %11 = icmp eq %struct.file_operations.39492* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 
br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __ia32_compat_sys_timerfd_settime ------------- Path:  Function:__ia32_compat_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to 
%struct.compat_itimerspec* %15 = inttoptr i64 %13 to %struct.compat_itimerspec* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_compat_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.compat_itimerspec* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load 
%struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, 
i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr 
i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr 
inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 
%102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to 
%struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds 
%struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = 
getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %110, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 
2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %26 = bitcast i8** %24 to %struct.task_struct.39605** store %struct.task_struct.39605* %25, %struct.task_struct.39605** %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 0 store %struct.list_head* %28, %struct.list_head** %29, align 8 %30 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %28, %struct.list_head** %30, align 8 br label %31 %32 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %37 %38 = load %struct.list_head*, %struct.list_head** %30, align 8 %39 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %40, i64 0, i32 1 store %struct.list_head* %38, %struct.list_head** %41, align 8 %42 = ptrtoint %struct.list_head* %40 to i64 %43 = bitcast %struct.list_head* %38 to i64* store volatile i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %25, i64 0, i32 1 store volatile i64 0, i64* %44, align 16 %45 = sext i32 %32 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %37 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds 
%struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %33, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %29, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %20, label %17, !prof !4, !misexpect !5 %18 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.21.8151, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.22.8152, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 10) #6, !srcloc !7 %19 = load i64, i64* %9, align 8 br label %20 %21 = phi i64 [ %10, %15 ], [ %19, %17 ] %22 = sdiv i64 %11, %1 %23 = mul i64 %22, %1 %24 = add i64 %23, %21 store i64 %24, i64* %9, align 8 %25 = icmp sgt i64 %24, %8 %26 = xor i1 %25, true %27 = zext i1 %26 to i64 %28 = add i64 %22, %27 br i1 %25, label %33, label %29 %30 = phi i64 [ %24, %20 ], [ %10, %13 ] %31 = phi i64 [ %28, %20 ], [ 1, %13 ] %32 = tail call i64 @ktime_add_safe(i64 %30, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __ia32_compat_sys_timerfd_settime ------------- Path:  Function:__ia32_compat_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.compat_itimerspec* %15 = inttoptr i64 %13 to %struct.compat_itimerspec* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_compat_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.compat_itimerspec* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 
%30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, 
i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 
8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() 
#69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 
%19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 
%81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = 
extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 
%182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, 
align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 
%57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = 
getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 
%160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Good: 5 Bad: 19 Ignored: 16 Check Use of Function:xs_tcp_set_socket_timeouts Check Use of Function:netlink_broadcast Check Use of Function:__dquot_alloc_space Check Use of Function:write_iter_null Check Use of Function:unlock_two_nondirectories Check Use of Function:d_move Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds 
(%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq 
i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 
%4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* 
%56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = 
getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 
8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label 
%135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 ------------- Good: 4 Bad: 3 Ignored: 3 Check Use of Function:bdevname Check Use of Function:ext4_bmap Check Use of Function:__d_lookup_done Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, 
%struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds 
(%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.126033* %0, %struct.dentry.126033* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 5 %5 = load %struct.inode.126046*, %struct.inode.126046** %4, align 8 %6 = icmp eq %struct.inode.126046* %5, null br i1 %6, label %7, label %9, !prof !4, !misexpect !5 %8 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.14330, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.14329, i64 0, i64 0), i32 2747, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 125) #6, !srcloc !7 br label %9 %10 = icmp eq %struct.dentry.126033* %0, %1 br i1 %10, label %11, label %13, !prof !4, !misexpect !5 %14 = phi %struct.dentry.126033* [ %16, %18 ], [ %0, %9 ] %15 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %14, i64 0, i32 3 %16 = load %struct.dentry.126033*, %struct.dentry.126033** %15, align 8 %17 = icmp eq %struct.dentry.126033* %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %25 = load %struct.dentry.126033*, %struct.dentry.126033** %24, align 8 br label %26 %27 = phi %struct.dentry.126033* [ %1, %23 ], [ %29, %31 ] %28 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %27, i64 0, i32 3 %29 = load %struct.dentry.126033*, %struct.dentry.126033** %28, align 8 %30 = icmp eq %struct.dentry.126033* %27, %29 br i1 %30, label %33, label %31 %34 = phi %struct.dentry.126033* [ %27, %31 ], [ null, %26 ] %35 = icmp eq %struct.dentry.126033* %25, %0 %36 = icmp eq %struct.dentry.126033* %34, null br i1 %35, label %37, label %42 br i1 %36, label %43, label %48 %44 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %45 = load %struct.dentry.126033*, %struct.dentry.126033** %44, align 8 
%46 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #70 br label %58 %59 = phi %struct.dentry.126033* [ %41, %39 ], [ %57, %55 ], [ %25, %43 ] %60 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %59, i64 0, i32 7, i32 0 %61 = bitcast %struct.anon.1* %60 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %61) #70 br label %62 %63 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #70 %65 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 7, i32 0 %66 = bitcast %struct.anon.1* %65 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #70 %67 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 0 %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 268435456 %70 = icmp eq i32 %69, 0 br i1 %70, label %89, label %71, !prof !10, !misexpect !5 %72 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %73 = load %struct.dentry.126033*, %struct.dentry.126033** %72, align 8 %74 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %73, i64 0, i32 5 %75 = load %struct.inode.126046*, %struct.inode.126046** %74, align 8 %76 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %75, i64 0, i32 42 %77 = bitcast %union.anon.79* %76 to i32* br label %78 %79 = load i32, i32* %77, align 8 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %86 %83 = add i32 %79, 1 %84 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %77, i32 %83, i32 %79, i32* %77) #6, !srcloc !17 %85 = icmp eq i32 %84, %79 br i1 %85, label %87, label %86 tail call void @__d_lookup_done(%struct.dentry.126033* %1) #71 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to 
%struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.126033* %0, %struct.dentry.126033* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 5 %5 = load %struct.inode.126046*, %struct.inode.126046** %4, align 8 %6 = icmp eq %struct.inode.126046* %5, null br i1 %6, label %7, label %9, !prof !4, !misexpect !5 %8 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.14330, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.14329, i64 0, i64 0), i32 2747, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 125) #6, !srcloc !7 br label %9 %10 = icmp eq %struct.dentry.126033* %0, %1 br i1 %10, label %11, label %13, !prof !4, !misexpect !5 %14 = phi %struct.dentry.126033* [ %16, %18 ], [ %0, %9 ] %15 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %14, i64 0, i32 3 %16 = load %struct.dentry.126033*, %struct.dentry.126033** %15, align 8 %17 = icmp eq %struct.dentry.126033* %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %25 = load %struct.dentry.126033*, %struct.dentry.126033** %24, align 8 br label %26 %27 = phi %struct.dentry.126033* [ %1, %23 ], [ %29, %31 ] %28 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %27, i64 0, i32 3 %29 = load %struct.dentry.126033*, %struct.dentry.126033** %28, align 8 %30 = icmp eq %struct.dentry.126033* %27, %29 br i1 %30, label %33, label %31 %34 = phi %struct.dentry.126033* [ %27, %31 ], [ null, %26 ] %35 = icmp eq %struct.dentry.126033* %25, %0 %36 = icmp eq %struct.dentry.126033* %34, null br i1 %35, label %37, label %42 br i1 %36, label %43, label %48 %44 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %45 = load %struct.dentry.126033*, %struct.dentry.126033** %44, align 8 
%46 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #70 br label %58 %59 = phi %struct.dentry.126033* [ %41, %39 ], [ %57, %55 ], [ %25, %43 ] %60 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %59, i64 0, i32 7, i32 0 %61 = bitcast %struct.anon.1* %60 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %61) #70 br label %62 %63 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #70 %65 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 7, i32 0 %66 = bitcast %struct.anon.1* %65 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #70 %67 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 0 %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 268435456 %70 = icmp eq i32 %69, 0 br i1 %70, label %89, label %71, !prof !10, !misexpect !5 %72 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %73 = load %struct.dentry.126033*, %struct.dentry.126033** %72, align 8 %74 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %73, i64 0, i32 5 %75 = load %struct.inode.126046*, %struct.inode.126046** %74, align 8 %76 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %75, i64 0, i32 42 %77 = bitcast %union.anon.79* %76 to i32* br label %78 %79 = load i32, i32* %77, align 8 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %86 %83 = add i32 %79, 1 %84 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %77, i32 %83, i32 %79, i32* %77) #6, !srcloc !17 %85 = icmp eq i32 %84, %79 br i1 %85, label %87, label %86 tail call void @__d_lookup_done(%struct.dentry.126033* %1) #71 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 5 %9 = load %struct.inode.733*, %struct.inode.733** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.733* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.734* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to 
%struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 3 %55 = load %struct.dentry.734*, %struct.dentry.734** %54, align 8 %56 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %3, i64 0, i32 4 %57 = tail call %struct.dentry.734* bitcast (%struct.dentry.126033* (%struct.dentry.126033*, %struct.qstr*)* @d_alloc to %struct.dentry.734* (%struct.dentry.734*, %struct.qstr*)*)(%struct.dentry.734* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.734* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.185836*, %struct.dentry.185839*)* @nfs_sillyrename to i32 (%struct.inode.733*, %struct.dentry.734*)*)(%struct.inode.733* %2, %struct.dentry.734* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.733* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.734* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.734* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.734* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.734* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.733* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.126033*, %struct.dentry.126033*)* @d_move to void (%struct.dentry.734*, %struct.dentry.734*)*)(%struct.dentry.734* %1, %struct.dentry.734* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.126033* %0, %struct.dentry.126033* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 5 %5 = load %struct.inode.126046*, %struct.inode.126046** %4, align 8 %6 = icmp eq %struct.inode.126046* %5, null br i1 %6, label %7, label %9, !prof !4, !misexpect !5 %8 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.14330, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.14329, i64 0, i64 0), i32 2747, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 125) #6, !srcloc !7 br label %9 %10 = icmp eq %struct.dentry.126033* %0, %1 br i1 %10, label %11, label %13, !prof !4, !misexpect !5 %14 = phi %struct.dentry.126033* [ %16, %18 ], [ %0, %9 ] %15 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %14, i64 0, i32 3 %16 = load %struct.dentry.126033*, %struct.dentry.126033** %15, align 8 %17 = icmp eq %struct.dentry.126033* %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %25 = load %struct.dentry.126033*, %struct.dentry.126033** %24, align 8 br label %26 %27 = phi %struct.dentry.126033* [ %1, %23 ], [ %29, %31 ] %28 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %27, i64 0, i32 3 %29 = load %struct.dentry.126033*, %struct.dentry.126033** %28, align 8 %30 = icmp eq %struct.dentry.126033* %27, %29 br i1 %30, label %33, label %31 %34 = phi %struct.dentry.126033* [ %27, %31 ], [ null, %26 ] %35 = icmp eq %struct.dentry.126033* %25, %0 %36 = icmp eq %struct.dentry.126033* %34, null br i1 %35, label %37, label %42 br i1 %36, label %43, label %48 %44 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %45 = load %struct.dentry.126033*, %struct.dentry.126033** %44, align 8 
%46 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #70 br label %58 %59 = phi %struct.dentry.126033* [ %41, %39 ], [ %57, %55 ], [ %25, %43 ] %60 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %59, i64 0, i32 7, i32 0 %61 = bitcast %struct.anon.1* %60 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %61) #70 br label %62 %63 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #70 %65 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 7, i32 0 %66 = bitcast %struct.anon.1* %65 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %66) #70 %67 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 0 %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 268435456 %70 = icmp eq i32 %69, 0 br i1 %70, label %89, label %71, !prof !10, !misexpect !5 %72 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %1, i64 0, i32 3 %73 = load %struct.dentry.126033*, %struct.dentry.126033** %72, align 8 %74 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %73, i64 0, i32 5 %75 = load %struct.inode.126046*, %struct.inode.126046** %74, align 8 %76 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %75, i64 0, i32 42 %77 = bitcast %union.anon.79* %76 to i32* br label %78 %79 = load i32, i32* %77, align 8 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %86 %83 = add i32 %79, 1 %84 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %77, i32 %83, i32 %79, i32* %77) #6, !srcloc !17 %85 = icmp eq i32 %84, %79 br i1 %85, label %87, label %86 tail call void @__d_lookup_done(%struct.dentry.126033* %1) #71 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 9 %11 = load %struct.super_block.129157*, %struct.super_block.129157** %10, align 8 %12 = getelementptr inbounds %struct.super_block.129157, %struct.super_block.129157* %11, i64 0, i32 36 %13 = load %struct.dentry_operations.129188*, %struct.dentry_operations.129188** %12, align 64 %14 = icmp eq %struct.dentry_operations.129188* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.126033*, %struct.inode.126046*)* @d_add to void (%struct.dentry.129187*, %struct.inode.129184*)*)(%struct.dentry.129187* %1, %struct.inode.129184* null) #69 Function:d_add %3 = icmp eq %struct.inode.126046* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.126033* %0, %struct.inode.126046* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds 
%struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %11 = load %struct.dentry.126033*, %struct.dentry.126033** %10, align 8 %12 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %11, i64 0, i32 5 %13 = load %struct.inode.126046*, %struct.inode.126046** %12, align 8 %14 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %13, i64 0, i32 42 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.126033* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 9 %11 = load %struct.super_block.129157*, %struct.super_block.129157** %10, align 8 %12 = getelementptr inbounds %struct.super_block.129157, %struct.super_block.129157* %11, i64 0, i32 36 %13 = load %struct.dentry_operations.129188*, %struct.dentry_operations.129188** %12, align 64 %14 = icmp eq %struct.dentry_operations.129188* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.126033*, %struct.inode.126046*)* @d_add to void (%struct.dentry.129187*, 
%struct.inode.129184*)*)(%struct.dentry.129187* %1, %struct.inode.129184* null) #69 Function:d_add %3 = icmp eq %struct.inode.126046* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.126033* %0, %struct.inode.126046* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %11 = load %struct.dentry.126033*, %struct.dentry.126033** %10, align 8 %12 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %11, i64 0, i32 5 %13 = load %struct.inode.126046*, %struct.inode.126046** %12, align 8 %14 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %13, i64 0, i32 42 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.126033* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds 
%struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 9 %11 = load %struct.super_block.129157*, %struct.super_block.129157** %10, align 8 %12 = getelementptr inbounds %struct.super_block.129157, %struct.super_block.129157* %11, i64 0, i32 36 %13 = load %struct.dentry_operations.129188*, %struct.dentry_operations.129188** %12, align 64 %14 = icmp eq %struct.dentry_operations.129188* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.126033*, %struct.inode.126046*)* @d_add to void (%struct.dentry.129187*, %struct.inode.129184*)*)(%struct.dentry.129187* %1, %struct.inode.129184* null) #69 Function:d_add %3 = icmp eq %struct.inode.126046* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.126033* %0, %struct.inode.126046* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %11 = load %struct.dentry.126033*, %struct.dentry.126033** %10, align 8 %12 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %11, i64 0, i32 5 %13 = load %struct.inode.126046*, %struct.inode.126046** %12, align 8 %14 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %13, i64 0, i32 42 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, 
label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.126033* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 9 %11 = load %struct.super_block.129157*, %struct.super_block.129157** %10, align 8 %12 = getelementptr inbounds %struct.super_block.129157, %struct.super_block.129157* %11, i64 0, i32 36 %13 = load %struct.dentry_operations.129188*, %struct.dentry_operations.129188** %12, align 64 %14 = icmp eq %struct.dentry_operations.129188* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.126033*, %struct.inode.126046*)* @d_add to void (%struct.dentry.129187*, %struct.inode.129184*)*)(%struct.dentry.129187* %1, %struct.inode.129184* null) #69 Function:d_add %3 = icmp eq %struct.inode.126046* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.126033* %0, %struct.inode.126046* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.126033, %struct.dentry.126033* 
%0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %11 = load %struct.dentry.126033*, %struct.dentry.126033** %10, align 8 %12 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %11, i64 0, i32 5 %13 = load %struct.inode.126046*, %struct.inode.126046** %12, align 8 %14 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %13, i64 0, i32 42 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.126033* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.129187, %struct.dentry.129187* %1, i64 0, i32 9 %11 = load %struct.super_block.129157*, %struct.super_block.129157** %10, align 8 %12 = getelementptr inbounds %struct.super_block.129157, %struct.super_block.129157* %11, i64 0, i32 36 %13 = load %struct.dentry_operations.129188*, %struct.dentry_operations.129188** %12, align 64 %14 = icmp eq %struct.dentry_operations.129188* 
%13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.126033*, %struct.inode.126046*)* @d_add to void (%struct.dentry.129187*, %struct.inode.129184*)*)(%struct.dentry.129187* %1, %struct.inode.129184* null) #69 Function:d_add %3 = icmp eq %struct.inode.126046* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.126033* %0, %struct.inode.126046* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %0, i64 0, i32 3 %11 = load %struct.dentry.126033*, %struct.dentry.126033** %10, align 8 %12 = getelementptr inbounds %struct.dentry.126033, %struct.dentry.126033* %11, i64 0, i32 5 %13 = load %struct.inode.126046*, %struct.inode.126046** %12, align 8 %14 = getelementptr inbounds %struct.inode.126046, %struct.inode.126046* %13, i64 0, i32 42 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.126033* %0) #70 ------------- Good: 80 Bad: 8 Ignored: 115 Check Use of Function:pci_mmap_fits Check Use of Function:__detach_mounts Check Use of 
Function:jbd2_journal_abort Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl 5 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** 
%21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, 
%struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = 
zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ 
getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = 
bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 tail call void bitcast (void (%struct.journal_s.159065*, i32)* @jbd2_journal_abort to void (%struct.journal_s.166876*, i32)*)(%struct.journal_s.166876* nonnull %6, i32 -5) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_handle_error 1 __ext4_error_inode 2 __ext4_ext_check 3 ext4_ext_precache 4 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, 
align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = 
getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label 
%220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], 
[ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 
call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, 
i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %80 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @ext4_handle_error(%struct.super_block.166754* %80) #71 Function:ext4_handle_error %2 = getelementptr inbounds 
%struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.ext4_sb_info.166893** %4 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %5 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 45 %6 = load %struct.journal_s.166876*, %struct.journal_s.166876** %5, align 16 %7 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %4, i64 0, i32 17 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 33554432 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11 %13 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %14 = load i64, i64* %13, align 16 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %56 %18 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %3, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 17 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 16 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %56 %24 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %18, i64 0, i32 19 %25 = load i32, i32* %24, align 64 %26 = or i32 %25, 2 store i32 %26, i32* %24, align 64 %27 = icmp eq %struct.journal_s.166876* %6, null br i1 %27, label %29, label %28 tail call void bitcast (void (%struct.journal_s.159065*, i32)* @jbd2_journal_abort to void (%struct.journal_s.166876*, i32)*)(%struct.journal_s.166876* nonnull %6, i32 -5) #69 ------------- Good: 242 Bad: 2 Ignored: 297 Check Use of Function:shrink_dcache_parent Check Use of Function:efivar_entry_find Use: =BAD PATH= Call Stack: 0 efivar_entry_set 1 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.547321* 
%0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.547321* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 
store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 br i1 %64, label %67, label %65 %68 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 3, i64 0 %69 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %70 = load i32, i32* %31, align 1 %71 = zext i32 %70 to i64 %72 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 2 store i64 %71, i64* %72, align 1 %73 = load i32, i32* %21, align 1 %74 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 5 store i32 %73, i32* %74, align 1 br label %125 %126 = phi i64 [ %33, %67 ], [ %90, %124 ] %127 = phi i32 [ %22, %67 ], [ %80, %124 ] %128 = phi i8* [ %34, %67 ], [ %91, %124 ] %129 = tail call i32 @efivar_entry_set(%struct.efivar_entry.547321* nonnull %0, i32 %127, i64 %126, i8* %128, %struct.list_head* null) #70 Function:efivar_entry_set %6 = alloca { i64, i64 }, align 8 %7 = bitcast { i64, i64 }* %6 to %struct.uuid_t* %8 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 0, i64 0 %9 = bitcast { i64, i64 }* %6 to i8* %10 = getelementptr inbounds %struct.efivar_entry.547321, %struct.efivar_entry.547321* %0, i64 0, i32 0, i32 1, i32 0, i64 
0 %11 = tail call i32 @down_interruptible(%struct.semaphore* nonnull @efivars_lock) #69 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %49 %14 = load %struct.efivars.547318*, %struct.efivars.547318** @__efivars, align 8 %15 = icmp eq %struct.efivars.547318* %14, null br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.efivars.547318, %struct.efivars.547318* %14, i64 0, i32 2 %19 = load %struct.efivar_operations*, %struct.efivar_operations** %18, align 8 %20 = icmp eq %struct.list_head* %4, null br i1 %20, label %29, label %21 %22 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = tail call %struct.efivar_entry.547321* @efivar_entry_find(i16* %8, i64 %23, i64 %25, %struct.list_head* nonnull %4, i1 zeroext false) #70 ------------- Good: 3 Bad: 1 Ignored: 2 Check Use of Function:ext4_rmdir Check Use of Function:generic_swapfile_activate Check Use of Function:do_md_run Check Use of Function:security_sid_to_context Use: =BAD PATH= Call Stack: 0 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %8 = load %struct.inode.230528*, %struct.inode.230528** %7, align 8 %9 = getelementptr inbounds %struct.inode.230528, %struct.inode.230528* %8, i64 0, i32 8 %10 = load %struct.super_block.230514*, %struct.super_block.230514** %9, align 8 %11 = getelementptr inbounds %struct.super_block.230514, %struct.super_block.230514* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 64 %14 = bitcast i8** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = getelementptr inbounds %struct.inode.230528, %struct.inode.230528* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 
%18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 10 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 @security_sid_to_context(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #69 ------------- Good: 9 Bad: 1 Ignored: 8 Check Use of Function:shmem_rename2 Check Use of Function:simple_rename Check Use of Function:d_exchange Check Use of Function:scsi_try_host_reset Check Use of Function:vfat_lookup Check Use of Function:dm_pr_clear Check Use of Function:d_invalidate Check Use of Function:kernel_read_file_from_fd Check Use of Function:kernfs_iop_rename Check Use of Function:take_dentry_name_snapshot Check Use of Function:kernel_setsockopt Check Use of Function:__is_local_mountpoint Check Use of Function:xfrm_user_policy Check Use of Function:do_group_exit Use: =BAD PATH= Call Stack: 0 __do_sys_exit_group 1 __se_sys_exit_group 2 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_exit_group 1 __se_sys_exit_group 2 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail 
call void @do_group_exit(i32 %3) #69 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:path_mountpoint Check Use of Function:bad_inode_rename2 Check Use of Function:nfs_rename Check Use of Function:unhash_mnt Use: =BAD PATH= Call Stack: 0 umount_tree 1 drop_collected_mounts 2 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.127974, %struct.ns_common.127974* %0, i64 -1, i32 2 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = getelementptr inbounds i32, i32* %2, i64 8 %8 = bitcast i32* %7 to %struct.mount.127946** %9 = load %struct.mount.127946*, %struct.mount.127946** %8, align 8 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %9, i64 0, i32 3 tail call void @drop_collected_mounts(%struct.vfsmount.128217* %10) #69 Function:drop_collected_mounts %2 = alloca %struct.hlist_head, align 8 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.128081*)*)(%struct.rw_semaphore.128081* nonnull @namespace_sem) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr %struct.vfsmount.128217, %struct.vfsmount.128217* %0, i64 -2, i32 2 %6 = bitcast i32* %5 to %struct.mount.127946* tail call fastcc 
void @umount_tree(%struct.mount.127946* %6, i32 0) #70 Function:umount_tree %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = and i32 %1, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %10, label %9 %11 = icmp eq %struct.mount.127946* %0, null br i1 %11, label %12, label %15 %16 = bitcast %struct.list_head* %3 to i64* br label %17 %18 = phi %struct.mount.127946* [ %0, %15 ], [ %50, %47 ] %19 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 3, i32 2 %20 = load i32, i32* %19, align 8 %21 = or i32 %20, 134217728 store i32 %21, i32* %19, align 8 %22 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10 %23 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10, i32 1 %24 = load %struct.list_head*, %struct.list_head** %23, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %26 = load %struct.list_head*, %struct.list_head** %25, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %24, %struct.list_head** %27, align 8 %28 = ptrtoint %struct.list_head* %26 to i64 %29 = bitcast %struct.list_head* %24 to i64* store volatile i64 %28, i64* %29, align 8 %30 = load %struct.list_head*, %struct.list_head** %5, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 1 store %struct.list_head* %22, %struct.list_head** %31, align 8 store %struct.list_head* %30, %struct.list_head** %25, align 8 store %struct.list_head* %3, %struct.list_head** %23, align 8 %32 = ptrtoint %struct.list_head* %22 to i64 store volatile i64 %32, i64* 
%16, align 8 %33 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 6 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %33 br i1 %36, label %37, label %47 %38 = phi %struct.mount.127946* [ %44, %40 ], [ %18, %17 ] %39 = icmp eq %struct.mount.127946* %38, %0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 7, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 1 %44 = load %struct.mount.127946*, %struct.mount.127946** %43, align 8 %45 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %44, i64 0, i32 6 %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %37, label %47 %48 = phi %struct.list_head* [ %35, %17 ], [ %42, %40 ] %49 = getelementptr %struct.list_head, %struct.list_head* %48, i64 -6 %50 = bitcast %struct.list_head* %49 to %struct.mount.127946* %51 = icmp eq %struct.list_head* %49, null br i1 %51, label %54, label %17 %55 = bitcast %struct.list_head* %22 to i8* br label %56 %57 = phi i8* [ %14, %12 ], [ %53, %52 ], [ %55, %54 ] %58 = bitcast i8* %57 to %struct.list_head* %59 = icmp eq %struct.list_head* %3, %58 br i1 %59, label %78, label %60 %61 = phi i8* [ %75, %60 ], [ %57, %56 ] %62 = getelementptr i8, i8* %61, i64 -40 %63 = getelementptr i8, i8* %61, i64 -32 %64 = bitcast i8* %63 to %struct.list_head** %65 = load %struct.list_head*, %struct.list_head** %64, align 8 %66 = bitcast i8* %62 to %struct.list_head** %67 = load %struct.list_head*, %struct.list_head** %66, align 8 %68 = getelementptr inbounds %struct.list_head, %struct.list_head* %67, i64 0, i32 1 store %struct.list_head* %65, %struct.list_head** %68, align 8 %69 = ptrtoint %struct.list_head* %67 to i64 %70 = bitcast 
%struct.list_head* %65 to i64* store volatile i64 %69, i64* %70, align 8 %71 = ptrtoint i8* %62 to i64 %72 = bitcast i8* %62 to i64* store volatile i64 %71, i64* %72, align 8 %73 = bitcast i8* %63 to i8** store i8* %62, i8** %73, align 8 %74 = bitcast i8* %61 to i8** %75 = load i8*, i8** %74, align 8 %76 = bitcast i8* %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %3, %76 br i1 %77, label %78, label %60 br i1 %8, label %81, label %79 %82 = bitcast %struct.list_head* %3 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = inttoptr i64 %83 to %struct.list_head* %85 = icmp eq %struct.list_head* %3, %84 br i1 %85, label %212, label %86 %87 = and i32 %1, 1 %88 = icmp eq i32 %87, 0 %89 = and i32 %1, 4 %90 = icmp eq i32 %89, 0 br label %91 %92 = phi i64 [ %83, %86 ], [ %209, %208 ] %93 = inttoptr i64 %92 to i8* %94 = getelementptr i8, i8* %93, i64 -136 %95 = bitcast i8* %94 to %struct.mount.127946* %96 = getelementptr i8, i8* %93, i64 16 %97 = getelementptr i8, i8* %93, i64 24 %98 = bitcast i8* %97 to %struct.list_head** %99 = load %struct.list_head*, %struct.list_head** %98, align 8 %100 = bitcast i8* %96 to %struct.list_head** %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 1 store %struct.list_head* %99, %struct.list_head** %102, align 8 %103 = ptrtoint %struct.list_head* %101 to i64 %104 = bitcast %struct.list_head* %99 to i64* store volatile i64 %103, i64* %104, align 8 %105 = ptrtoint i8* %96 to i64 %106 = bitcast i8* %96 to i64* store volatile i64 %105, i64* %106, align 8 %107 = bitcast i8* %97 to i8** store i8* %96, i8** %107, align 8 %108 = getelementptr inbounds i8, i8* %93, i64 8 %109 = bitcast i8* %108 to %struct.list_head** %110 = load %struct.list_head*, %struct.list_head** %109, align 8 %111 = inttoptr i64 %92 to %struct.list_head** %112 = load %struct.list_head*, %struct.list_head** %111, align 8 %113 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %112, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %113, align 8 %114 = ptrtoint %struct.list_head* %112 to i64 %115 = bitcast %struct.list_head* %110 to i64* store volatile i64 %114, i64* %115, align 8 %116 = inttoptr i64 %92 to i64* store volatile i64 %92, i64* %116, align 8 %117 = bitcast i8* %108 to i8** store i8* %93, i8** %117, align 8 %118 = getelementptr i8, i8* %93, i64 88 %119 = bitcast i8* %118 to %struct.mnt_namespace.127948** %120 = load %struct.mnt_namespace.127948*, %struct.mnt_namespace.127948** %119, align 8 %121 = icmp eq %struct.mnt_namespace.127948* %120, null br i1 %121, label %132, label %122 %123 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 9 %124 = load i32, i32* %123, align 8 %125 = add i32 %124, -1 store i32 %125, i32* %123, align 8 %126 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 8 %127 = load i64, i64* %126, align 8 %128 = load i64, i64* @event, align 8 %129 = icmp eq i64 %127, %128 br i1 %129, label %132, label %130 store i64 %128, i64* %126, align 8 %131 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 7 call void @__wake_up(%struct.wait_queue_head* %131, i32 1, i32 1, i8* null) #69 br label %132 store %struct.mnt_namespace.127948* null, %struct.mnt_namespace.127948** %119, align 8 br i1 %88, label %141, label %133 %142 = getelementptr i8, i8* %93, i64 -120 %143 = bitcast i8* %142 to %struct.mount.127946** %144 = load %struct.mount.127946*, %struct.mount.127946** %143, align 8 %145 = icmp eq %struct.mount.127946* %144, %95 br i1 %145, label %156, label %146 %147 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3, i32 2 %148 = load i32, i32* %147, align 8 %149 = and i32 %148, 134217728 %150 = icmp eq i32 %149, 0 br i1 %150, label %156, label %151 br i1 %90, label %162, label %152 
%153 = getelementptr i8, i8* %93, i64 168 %154 = bitcast i8* %153 to %struct.fs_pin* %155 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3 br label %175 %176 = phi %struct.vfsmount.128217* [ %172, %171 ], [ %170, %162 ], [ %155, %152 ] %177 = phi %struct.mount.127946** [ %173, %171 ], [ %143, %162 ], [ %143, %152 ] %178 = phi %struct.fs_pin* [ %174, %171 ], [ %169, %162 ], [ %154, %152 ] %179 = phi i1 [ true, %171 ], [ false, %162 ], [ false, %152 ] %180 = phi %struct.hlist_head* [ @unmounted, %171 ], [ null, %162 ], [ null, %152 ] call void bitcast (void (%struct.fs_pin.132569*, %struct.vfsmount.132466*, %struct.hlist_head*)* @pin_insert_group to void (%struct.fs_pin*, %struct.vfsmount.128217*, %struct.hlist_head*)*)(%struct.fs_pin* %178, %struct.vfsmount.128217* %176, %struct.hlist_head* %180) #69 %181 = getelementptr i8, i8* %93, i64 -120 %182 = bitcast i8* %181 to %struct.mount.127946** %183 = load %struct.mount.127946*, %struct.mount.127946** %182, align 8 %184 = icmp eq %struct.mount.127946* %183, %95 br i1 %184, label %208, label %185 %186 = load %struct.mount.127946*, %struct.mount.127946** %177, align 8 %187 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %186, i64 0, i32 5 %188 = load %struct.util_est*, %struct.util_est** %187, align 8 %189 = getelementptr inbounds %struct.util_est, %struct.util_est* %188, i64 0, i32 0 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* %189, i32 -1, i32* %189) #6, !srcloc !4 br i1 %179, label %202, label %190 %203 = getelementptr i8, i8* %93, i64 -112 %204 = bitcast i8* %203 to i64* %205 = load i64, i64* %204, align 8 %206 = getelementptr i8, i8* %93, i64 240 %207 = bitcast i8* %206 to i64* store i64 %205, i64* %207, align 8 call fastcc void @unhash_mnt(%struct.mount.127946* %95) #69 ------------- Good: 64 Bad: 1 Ignored: 47 Check Use of Function:msdos_rename Check Use of Function:ext4_ext_tree_init Check Use of Function:nfs_rmdir Check 
Use of Function:autofs_dir_rmdir Check Use of Function:msdos_rmdir Check Use of Function:pin_insert Check Use of Function:vfat_rmdir Check Use of Function:tracefs_syscall_rmdir Check Use of Function:security_msg_queue_associate Use: =BAD PATH= Call Stack: 0 ksys_msgget 1 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %77 = tail call i64 @ksys_msgget(i32 %19, i32 %20) #69 Function:ksys_msgget %3 = alloca %struct.ipc_params, align 8 %4 = bitcast %struct.ipc_params* %3 to i8* %5 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 
%6 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %5, i64 0, i32 85 %7 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %6, align 8 %8 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %7, i64 0, i32 2 %9 = load %struct.ipc_namespace*, %struct.ipc_namespace** %8, align 8 %10 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 store i32 %0, i32* %10, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 store i32 %1, i32* %11, align 4 %12 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %9, i64 0, i32 1, i64 1 %13 = call i32 @ipcget(%struct.ipc_namespace* %9, %struct.ipc_ids* %12, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr 
inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.46154, %struct.task_struct.46154* %10, i64 0, i32 85 %12 = load %struct.nsproxy.45911*, %struct.nsproxy.45911** %11, align 8 %13 = getelementptr inbounds %struct.nsproxy.45911, %struct.nsproxy.45911* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace*, %struct.ipc_namespace** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:msdos_create Check Use of Function:lookup_user_key Use: =BAD 
PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* 
dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = 
load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.20670, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 6291648, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_keyring_ID 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %23 = tail call i64 @keyctl_get_keyring_ID(i32 %18, i32 %19) #69 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 
i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %29 = inttoptr i64 %11 to i8* %30 = tail call i64 @keyctl_update_key(i32 %18, i8* %29, i64 %14) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 6291648, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x 
%struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 6291648, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* 
%10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 6291648, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_revoke_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %32 = tail call i64 @keyctl_revoke_key(i32 %18) #69 Function:keyctl_revoke_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 
%18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %90 = tail call i64 @keyctl_invalidate_key(i32 %18) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label 
%43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label 
%216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %37 = tail call i64 @keyctl_keyring_clear(i32 %18) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 
keyctl_keyring_clear 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_link 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* 
%7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %39 = tail call i64 @keyctl_keyring_link(i32 %18, i32 %19) #69 Function:keyctl_keyring_link %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %41 = tail call i64 @keyctl_keyring_unlink(i32 %18, i32 %19) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 
%11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, 
label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %34 = inttoptr i64 %11 to i8* %35 = tail call i64 
@keyctl_describe_key(i32 %18, i8* %34, i64 %14) #69 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #69 
Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #69 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __ia32_compat_sys_keyctl 
------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %47 = inttoptr i64 %11 to i8* %48 = tail call i64 @keyctl_read_key(i32 %18, i8* %47, i64 %14) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 
%15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %50 = tail call i64 @keyctl_chown_key(i32 %18, i32 %19, i32 %20) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x 
%struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = 
alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_setperm_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ 
i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %52 = tail call i64 @keyctl_setperm_key(i32 %18, i32 %19) #69 Function:keyctl_setperm_key %3 = and i32 %1, -1061109568 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %27 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label 
%60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %70 = tail call i64 @keyctl_reject_key(i32 %18, i32 %19, i32 %20, i32 %21) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.226825* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.226825** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.226825**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.226825, %struct.task_struct.226825* %5, i64 0, i32 78 %7 = load %struct.cred.226552*, %struct.cred.226552** %6, align 16 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %67, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %62, label %13 %63 = trunc i32 %11 to i8 %64 = lshr i8 23, %63 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %13, label %67 %14 = getelementptr inbounds %struct.cred.226552, %struct.cred.226552* %7, i64 0, i32 19 %15 = load %struct.key.226547*, %struct.key.226547** %14, align 8 %16 = icmp eq %struct.key.226547* %15, null br i1 %16, label %67, label %17 %18 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.226827** %20 = load %struct.request_key_auth.226827*, %struct.request_key_auth.226827** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.226827, %struct.request_key_auth.226827* %20, i64 0, i32 0 %22 = load %struct.key.226547*, %struct.key.226547** %21, align 8 %23 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %67 %27 = icmp eq i32 %3, 0 br i1 %27, label %49, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 
------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %219 = trunc i64 %1 to i32 %220 = trunc i64 %2 to i32 %221 = trunc i64 %3 to i32 %222 = trunc i64 %4 to i32 %223 = tail call i64 @keyctl_reject_key(i32 %219, i32 %220, i32 %221, i32 %222) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.226825* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.226825** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.226825**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.226825, %struct.task_struct.226825* %5, i64 0, i32 78 %7 = load %struct.cred.226552*, %struct.cred.226552** %6, align 16 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %67, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %62, label %13 %63 = trunc i32 %11 to i8 %64 = lshr i8 23, %63 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %13, label %67 %14 = getelementptr inbounds %struct.cred.226552, %struct.cred.226552* %7, i64 0, i32 19 %15 = load %struct.key.226547*, %struct.key.226547** %14, align 8 %16 = icmp eq %struct.key.226547* %15, null br i1 %16, label %67, label %17 %18 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.226827** %20 = load %struct.request_key_auth.226827*, %struct.request_key_auth.226827** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.226827, %struct.request_key_auth.226827* %20, i64 0, i32 0 %22 = load %struct.key.226547*, %struct.key.226547** %21, align 8 %23 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %67 %27 = icmp eq i32 %3, 0 br i1 %27, label %49, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %219 = trunc i64 %1 to i32 %220 = trunc i64 %2 to i32 %221 = trunc i64 %3 to i32 %222 = trunc i64 %4 to i32 %223 = tail call i64 @keyctl_reject_key(i32 %219, i32 %220, i32 %221, i32 %222) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.226825* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.226825** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.226825**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.226825, %struct.task_struct.226825* %5, i64 0, i32 78 %7 = load %struct.cred.226552*, %struct.cred.226552** %6, align 16 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %67, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %62, label %13 %63 = trunc i32 %11 to i8 %64 = lshr i8 23, %63 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 
%66, label %13, label %67 %14 = getelementptr inbounds %struct.cred.226552, %struct.cred.226552* %7, i64 0, i32 19 %15 = load %struct.key.226547*, %struct.key.226547** %14, align 8 %16 = icmp eq %struct.key.226547* %15, null br i1 %16, label %67, label %17 %18 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.226827** %20 = load %struct.request_key_auth.226827*, %struct.request_key_auth.226827** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.226827, %struct.request_key_auth.226827* %20, i64 0, i32 0 %22 = load %struct.key.226547*, %struct.key.226547** %21, align 8 %23 = getelementptr inbounds %struct.key.226547, %struct.key.226547* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %67 %27 = icmp eq i32 %3, 0 br i1 %27, label %49, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to 
i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %61 = tail call i64 @keyctl_set_timeout(i32 %18, i32 %19) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, 
label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %206 = trunc i64 %1 to i32 %207 = trunc i64 %2 to i32 %208 = tail call i64 @keyctl_set_timeout(i32 %206, i32 %207) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label 
%209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %206 = trunc i64 %1 to i32 %207 = trunc i64 %2 to i32 %208 = tail call i64 @keyctl_set_timeout(i32 %206, i32 %207) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %65 = inttoptr i64 %11 to i8* %66 = tail call i64 @keyctl_get_security(i32 %18, i8* %65, i64 %14) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 
to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %213 = trunc i64 %1 to i32 %214 = inttoptr i64 %2 to i8* %215 = tail call i64 @keyctl_get_security(i32 %213, i8* %214, i64 %3) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call 
%struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %213 = trunc i64 %1 to i32 %214 = inttoptr i64 %2 to i8* %215 = tail call i64 @keyctl_get_security(i32 %213, i8* %214, i64 %3) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __ia32_compat_sys_keyctl ------------- 
Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %68 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %217 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %217 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 
to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %92 = inttoptr i64 %11 to i8* %93 = inttoptr i64 %14 to i8* %94 = tail call i64 @keyctl_restrict_keyring(i32 %18, i8* %92, i8* %93) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca 
%struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, 
label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to 
i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 
16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %48 = trunc i64 %1 to i32 %49 = tail call 
%struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* 
%8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca 
[8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %253 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, 
label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %253 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 32) #69 ------------- Good: 19 Bad: 51 Ignored: 0 Check Use of Function:change_mnt_propagation Use: =BAD PATH= Call Stack: 0 umount_tree 1 drop_collected_mounts 2 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.127974, %struct.ns_common.127974* %0, i64 -1, i32 2 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = getelementptr inbounds i32, i32* %2, i64 8 %8 = bitcast i32* %7 to %struct.mount.127946** %9 = load %struct.mount.127946*, %struct.mount.127946** %8, align 8 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %9, i64 0, i32 3 tail call void @drop_collected_mounts(%struct.vfsmount.128217* %10) #69 Function:drop_collected_mounts %2 = alloca %struct.hlist_head, align 8 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.128081*)*)(%struct.rw_semaphore.128081* nonnull @namespace_sem) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load 
i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr %struct.vfsmount.128217, %struct.vfsmount.128217* %0, i64 -2, i32 2 %6 = bitcast i32* %5 to %struct.mount.127946* tail call fastcc void @umount_tree(%struct.mount.127946* %6, i32 0) #70 Function:umount_tree %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = and i32 %1, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %10, label %9 %11 = icmp eq %struct.mount.127946* %0, null br i1 %11, label %12, label %15 %16 = bitcast %struct.list_head* %3 to i64* br label %17 %18 = phi %struct.mount.127946* [ %0, %15 ], [ %50, %47 ] %19 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 3, i32 2 %20 = load i32, i32* %19, align 8 %21 = or i32 %20, 134217728 store i32 %21, i32* %19, align 8 %22 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10 %23 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10, i32 1 %24 = load %struct.list_head*, %struct.list_head** %23, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %26 = load %struct.list_head*, %struct.list_head** %25, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %24, %struct.list_head** %27, align 8 %28 = ptrtoint %struct.list_head* %26 to i64 
%29 = bitcast %struct.list_head* %24 to i64* store volatile i64 %28, i64* %29, align 8 %30 = load %struct.list_head*, %struct.list_head** %5, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 1 store %struct.list_head* %22, %struct.list_head** %31, align 8 store %struct.list_head* %30, %struct.list_head** %25, align 8 store %struct.list_head* %3, %struct.list_head** %23, align 8 %32 = ptrtoint %struct.list_head* %22 to i64 store volatile i64 %32, i64* %16, align 8 %33 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 6 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %33 br i1 %36, label %37, label %47 %38 = phi %struct.mount.127946* [ %44, %40 ], [ %18, %17 ] %39 = icmp eq %struct.mount.127946* %38, %0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 7, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 1 %44 = load %struct.mount.127946*, %struct.mount.127946** %43, align 8 %45 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %44, i64 0, i32 6 %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %37, label %47 %48 = phi %struct.list_head* [ %35, %17 ], [ %42, %40 ] %49 = getelementptr %struct.list_head, %struct.list_head* %48, i64 -6 %50 = bitcast %struct.list_head* %49 to %struct.mount.127946* %51 = icmp eq %struct.list_head* %49, null br i1 %51, label %54, label %17 %55 = bitcast %struct.list_head* %22 to i8* br label %56 %57 = phi i8* [ %14, %12 ], [ %53, %52 ], [ %55, %54 ] %58 = bitcast i8* %57 to %struct.list_head* %59 = icmp eq %struct.list_head* %3, %58 br i1 %59, label %78, label %60 %61 = phi i8* [ %75, %60 ], [ %57, %56 ] %62 = getelementptr 
i8, i8* %61, i64 -40 %63 = getelementptr i8, i8* %61, i64 -32 %64 = bitcast i8* %63 to %struct.list_head** %65 = load %struct.list_head*, %struct.list_head** %64, align 8 %66 = bitcast i8* %62 to %struct.list_head** %67 = load %struct.list_head*, %struct.list_head** %66, align 8 %68 = getelementptr inbounds %struct.list_head, %struct.list_head* %67, i64 0, i32 1 store %struct.list_head* %65, %struct.list_head** %68, align 8 %69 = ptrtoint %struct.list_head* %67 to i64 %70 = bitcast %struct.list_head* %65 to i64* store volatile i64 %69, i64* %70, align 8 %71 = ptrtoint i8* %62 to i64 %72 = bitcast i8* %62 to i64* store volatile i64 %71, i64* %72, align 8 %73 = bitcast i8* %63 to i8** store i8* %62, i8** %73, align 8 %74 = bitcast i8* %61 to i8** %75 = load i8*, i8** %74, align 8 %76 = bitcast i8* %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %3, %76 br i1 %77, label %78, label %60 br i1 %8, label %81, label %79 %82 = bitcast %struct.list_head* %3 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = inttoptr i64 %83 to %struct.list_head* %85 = icmp eq %struct.list_head* %3, %84 br i1 %85, label %212, label %86 %87 = and i32 %1, 1 %88 = icmp eq i32 %87, 0 %89 = and i32 %1, 4 %90 = icmp eq i32 %89, 0 br label %91 %92 = phi i64 [ %83, %86 ], [ %209, %208 ] %93 = inttoptr i64 %92 to i8* %94 = getelementptr i8, i8* %93, i64 -136 %95 = bitcast i8* %94 to %struct.mount.127946* %96 = getelementptr i8, i8* %93, i64 16 %97 = getelementptr i8, i8* %93, i64 24 %98 = bitcast i8* %97 to %struct.list_head** %99 = load %struct.list_head*, %struct.list_head** %98, align 8 %100 = bitcast i8* %96 to %struct.list_head** %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 1 store %struct.list_head* %99, %struct.list_head** %102, align 8 %103 = ptrtoint %struct.list_head* %101 to i64 %104 = bitcast %struct.list_head* %99 to i64* store volatile i64 %103, i64* %104, align 8 
%105 = ptrtoint i8* %96 to i64 %106 = bitcast i8* %96 to i64* store volatile i64 %105, i64* %106, align 8 %107 = bitcast i8* %97 to i8** store i8* %96, i8** %107, align 8 %108 = getelementptr inbounds i8, i8* %93, i64 8 %109 = bitcast i8* %108 to %struct.list_head** %110 = load %struct.list_head*, %struct.list_head** %109, align 8 %111 = inttoptr i64 %92 to %struct.list_head** %112 = load %struct.list_head*, %struct.list_head** %111, align 8 %113 = getelementptr inbounds %struct.list_head, %struct.list_head* %112, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %113, align 8 %114 = ptrtoint %struct.list_head* %112 to i64 %115 = bitcast %struct.list_head* %110 to i64* store volatile i64 %114, i64* %115, align 8 %116 = inttoptr i64 %92 to i64* store volatile i64 %92, i64* %116, align 8 %117 = bitcast i8* %108 to i8** store i8* %93, i8** %117, align 8 %118 = getelementptr i8, i8* %93, i64 88 %119 = bitcast i8* %118 to %struct.mnt_namespace.127948** %120 = load %struct.mnt_namespace.127948*, %struct.mnt_namespace.127948** %119, align 8 %121 = icmp eq %struct.mnt_namespace.127948* %120, null br i1 %121, label %132, label %122 %123 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 9 %124 = load i32, i32* %123, align 8 %125 = add i32 %124, -1 store i32 %125, i32* %123, align 8 %126 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 8 %127 = load i64, i64* %126, align 8 %128 = load i64, i64* @event, align 8 %129 = icmp eq i64 %127, %128 br i1 %129, label %132, label %130 store i64 %128, i64* %126, align 8 %131 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 7 call void @__wake_up(%struct.wait_queue_head* %131, i32 1, i32 1, i8* null) #69 br label %132 store %struct.mnt_namespace.127948* null, %struct.mnt_namespace.127948** %119, align 8 br i1 %88, label %141, label %133 %142 = getelementptr i8, i8* %93, 
i64 -120 %143 = bitcast i8* %142 to %struct.mount.127946** %144 = load %struct.mount.127946*, %struct.mount.127946** %143, align 8 %145 = icmp eq %struct.mount.127946* %144, %95 br i1 %145, label %156, label %146 %147 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3, i32 2 %148 = load i32, i32* %147, align 8 %149 = and i32 %148, 134217728 %150 = icmp eq i32 %149, 0 br i1 %150, label %156, label %151 br i1 %90, label %162, label %152 %153 = getelementptr i8, i8* %93, i64 168 %154 = bitcast i8* %153 to %struct.fs_pin* %155 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3 br label %175 %176 = phi %struct.vfsmount.128217* [ %172, %171 ], [ %170, %162 ], [ %155, %152 ] %177 = phi %struct.mount.127946** [ %173, %171 ], [ %143, %162 ], [ %143, %152 ] %178 = phi %struct.fs_pin* [ %174, %171 ], [ %169, %162 ], [ %154, %152 ] %179 = phi i1 [ true, %171 ], [ false, %162 ], [ false, %152 ] %180 = phi %struct.hlist_head* [ @unmounted, %171 ], [ null, %162 ], [ null, %152 ] call void bitcast (void (%struct.fs_pin.132569*, %struct.vfsmount.132466*, %struct.hlist_head*)* @pin_insert_group to void (%struct.fs_pin*, %struct.vfsmount.128217*, %struct.hlist_head*)*)(%struct.fs_pin* %178, %struct.vfsmount.128217* %176, %struct.hlist_head* %180) #69 %181 = getelementptr i8, i8* %93, i64 -120 %182 = bitcast i8* %181 to %struct.mount.127946** %183 = load %struct.mount.127946*, %struct.mount.127946** %182, align 8 %184 = icmp eq %struct.mount.127946* %183, %95 br i1 %184, label %208, label %185 call void @change_mnt_propagation(%struct.mount.127946* %95, i32 262144) #69 ------------- Good: 23 Bad: 1 Ignored: 23 Check Use of Function:blk_execute_rq Use: =BAD PATH= Call Stack: 0 bsg_ioctl ------------- Path:  Function:bsg_ioctl %4 = alloca %struct.sg_io_v4, align 8 %5 = getelementptr inbounds %struct.file.264090, %struct.file.264090* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.bsg_device** %7 = load 
%struct.bsg_device*, %struct.bsg_device** %6, align 8 %8 = inttoptr i64 %2 to i32* switch i32 %1, label %211 [ i32 8816, label %9 i32 8817, label %14 i32 8834, label %31 i32 21378, label %31 i32 21382, label %31 i32 8705, label %31 i32 8706, label %31 i32 8818, label %31 i32 8821, label %31 i32 8707, label %31 i32 1, label %31 i32 8837, label %39 ] %40 = bitcast %struct.sg_io_v4* %4 to i8* %41 = inttoptr i64 %2 to i8* %42 = call i64 @_copy_from_user(i8* nonnull %40, i8* %41, i64 160) #69 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %209 %45 = getelementptr inbounds %struct.bsg_device, %struct.bsg_device* %7, i64 0, i32 0 %46 = load %struct.request_queue.263977*, %struct.request_queue.263977** %45, align 8 %47 = getelementptr inbounds %struct.file.264090, %struct.file.264090* %0, i64 0, i32 8 %48 = load i32, i32* %47, align 4 %49 = getelementptr inbounds %struct.request_queue.263977, %struct.request_queue.263977* %46, i64 0, i32 78, i32 0 %50 = load %struct.device.263915*, %struct.device.263915** %49, align 8 %51 = icmp eq %struct.device.263915* %50, null br i1 %51, label %166, label %52 %53 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 81 br i1 %55, label %56, label %166 %57 = getelementptr inbounds %struct.request_queue.263977, %struct.request_queue.263977* %46, i64 0, i32 78, i32 3 %58 = load %struct.bsg_ops.263974*, %struct.bsg_ops.263974** %57, align 8 %59 = getelementptr inbounds %struct.bsg_ops.263974, %struct.bsg_ops.263974* %58, i64 0, i32 0 %60 = load i32 (%struct.sg_io_v4*)*, i32 (%struct.sg_io_v4*)** %59, align 8 %61 = call i32 %60(%struct.sg_io_v4* nonnull %4) #69 %62 = icmp eq i32 %61, 0 br i1 %62, label %66, label %63 %64 = sext i32 %61 to i64 %65 = inttoptr i64 %64 to %struct.request.263930* br label %163 %164 = phi %struct.request.263930* [ %65, %63 ], [ %162, %156 ], [ %71, %66 ], [ %71, %134 ], [ %71, %128 ] %165 = icmp ugt %struct.request.263930* 
%164, inttoptr (i64 -4096 to %struct.request.263930*) br i1 %165, label %166, label %169 %170 = getelementptr inbounds %struct.request.263930, %struct.request.263930* %164, i64 0, i32 9 %171 = load %struct.bio.263989*, %struct.bio.263989** %170, align 8 %172 = getelementptr inbounds %struct.request.263930, %struct.request.263930* %164, i64 0, i32 32 %173 = load %struct.request.263930*, %struct.request.263930** %172, align 8 %174 = icmp eq %struct.request.263930* %173, null br i1 %174, label %178, label %175 %179 = phi %struct.bio.263989* [ %177, %175 ], [ null, %169 ] %180 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 18 %181 = load i32, i32* %180, align 4 %182 = lshr i32 %181, 4 %183 = and i32 %182, 1 %184 = xor i32 %183, 1 %185 = load %struct.request_queue.263977*, %struct.request_queue.263977** %45, align 8 call void bitcast (void (%struct.request_queue.251458*, %struct.gendisk.251466*, %struct.request.251405*, i32)* @blk_execute_rq to void (%struct.request_queue.263977*, %struct.gendisk.263985*, %struct.request.263930*, i32)*)(%struct.request_queue.263977* %185, %struct.gendisk.263985* null, %struct.request.263930* %164, i32 %184) #69 ------------- Good: 6 Bad: 1 Ignored: 1 Check Use of Function:security_inode_unlink Check Use of Function:netdev_master_upper_dev_get Check Use of Function:bad_inode_unlink Check Use of Function:autofs_dir_unlink Check Use of Function:ip6_route_del Check Use of Function:static_key_slow_dec Check Use of Function:bitmap_free Check Use of Function:nfs_unlink Check Use of Function:simple_unlink Check Use of Function:msdos_unlink Check Use of Function:exit_sem Check Use of Function:proc_ptrace_connector Check Use of Function:security_kernel_load_data Check Use of Function:unlock_mount Check Use of Function:signal_wake_up_state Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = alloca 
%struct.wait_opts, align 8 %3 = alloca %struct.rusage, align 8 %4 = alloca %struct.ist_info, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %8 to i32 %18 = inttoptr i64 %11 to %struct.compat_siginfo* %19 = trunc i64 %13 to i32 %20 = inttoptr i64 %16 to %struct.compat_rusage* %21 = bitcast %struct.rusage* %3 to i8* %22 = bitcast %struct.ist_info* %4 to i8* %23 = icmp eq i64 %16, 0 %24 = select i1 %23, %struct.rusage* null, %struct.rusage* %3 %25 = bitcast %struct.wait_opts* %2 to i8* %26 = and i32 %19, 520093680 %27 = icmp ne i32 %26, 0 %28 = and i32 %19, 14 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %40, label %31 %32 = trunc i64 %6 to i32 switch i32 %32, label %40 [ i32 0, label %41 i32 1, label %33 i32 2, label %35 ] %36 = icmp slt i32 %17, 1 br i1 %36, label %40, label %37 %38 = phi i32 [ 0, %33 ], [ 2, %35 ] %39 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %17) #69 br label %41 %42 = phi i32 [ %38, %37 ], [ 4, %31 ] %43 = phi %struct.pid.40929* [ %39, %37 ], [ null, %31 ] %44 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 0 store i32 %42, i32* %44, align 8 %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 2 store %struct.pid.40929* %43, %struct.pid.40929** %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %2, i64 0, i32 1 store i32 %19, i32* %46, align 4 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 3 store %struct.ist_info* %4, %struct.ist_info** %47, align 8 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 5 store %struct.rusage* %24, %struct.rusage** %48, align 8 %49 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %2) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to 
%struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] 
%61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, 
%struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to 
i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, 
-1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 
store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, 
%256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, 
i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 
%316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 
%337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, 
%struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca 
%struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq 
%struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to 
%struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 
to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* 
%274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* 
%304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, 
label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, 
i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call 
void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 
= getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, 
align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label 
%83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, 
align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 
%204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void 
(%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 
32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 
%65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, 
i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, 
i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = 
bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi 
%struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, 
%struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, 
align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 
%229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, 
i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr 
inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* 
%339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast 
%struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label 
%22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* 
%53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 
= getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call 
void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 
0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 
%250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, 
i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, 
i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* 
%74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, 
!misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, 
%struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to 
i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, 
i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = 
add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 
48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, 
i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast 
%struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 
Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, 
align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 __se_sys_waitid 4 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 
0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile 
i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call 
void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 
0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 
%250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, 
i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, 
i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 __se_sys_waitid 4 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, 
align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, 
%struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, 
%72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, 
%struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, 
i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load 
i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* 
store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* 
nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.39605* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 50 %9 = bitcast %struct.task_struct.39605** %8 to i64* %10 = load i64, i64* %9, align 32 %11 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %12 = bitcast %struct.task_struct.39605** %11 to i64* store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 56, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint 
%struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 76 %24 = load %struct.cred.39299*, %struct.cred.39299** %23, align 32 store %struct.cred.39299* null, %struct.cred.39299** %23, align 32 %25 = icmp eq %struct.cred.39299* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 87 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 8 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.39605* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.39605* %0) #69 %36 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %42 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %41, align 64 %43 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %53 = load i64, i64* %52, align 64 %54 = or i64 
%53, 131072 store i64 %54, i64* %52, align 64 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 40 %61 = load i64, i64* %60, align 64 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.39605* %0, i32 8) #69 ------------- Good: 15 Bad: 8 Ignored: 35 Check Use of Function:send_sig_info Check Use of Function:uart_startup Check Use of Function:set_blocksize Check Use of Function:fib_table_lookup Use: =BAD PATH= Call Stack: 0 __ip_do_redirect 1 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 39 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.631313*, %struct.net_device.631313** %9, align 8 %11 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.631192* %1, null br i1 %20, label %50, label %21 %51 = phi i32 
[ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i32 %55, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* 
%75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 call fastcc void @__ip_do_redirect(%struct.rtable.631321* %56, %struct.sk_buff.631221* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.631327, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 32 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 33 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.631313*, %struct.net_device.631313** %28, align 8 %30 = bitcast %struct.fib_result.631327* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %289 %36 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = icmp eq i32 %37, %27 br i1 %38, label %39, label %289 %40 = getelementptr inbounds 
%struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 67 %41 = bitcast %struct.in_device.631272** %40 to i64* %42 = load volatile i64, i64* %41, align 8 %43 = inttoptr i64 %42 to %struct.in_device.631272* %44 = icmp eq i64 %42, 0 br i1 %44, label %289, label %45 %46 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 107, i32 0 %47 = load %struct.net.630923*, %struct.net.630923** %46, align 8 %48 = icmp eq i32 %19, %27 br i1 %48, label %259, label %49 %50 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 0 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 %53 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 0 %54 = load %struct.net_device.631313*, %struct.net_device.631313** %53, align 8 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.630923*, %struct.net.630923** %55, align 8 %57 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %56, i64 0, i32 33, i32 5 %58 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %57, align 8 %59 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 3 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, 0 br i1 %52, label %67, label %62 br i1 %61, label %259, label %63 %64 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 3 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %259, label %72 %73 = and i32 %19, 240 %74 = icmp eq i32 %73, 224 %75 = icmp eq i32 %19, -1 %76 = or i1 %75, %74 %77 = and i32 %19, 255 %78 = icmp eq i32 %77, 0 %79 = or i1 %78, %76 br i1 %79, label %259, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = 
getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 @inet_addr_type(%struct.net.630923* %47, i32 %19) #69 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %259 %111 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.631313*, %struct.net_device.631313** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %112, i64 0, i32 34 %114 = load i32, i32* %113, align 8 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.630880** getelementptr inbounds (%struct.neigh_table.630881, %struct.neigh_table.630881* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, %struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to %struct.neigh_table.630881*), i64 0, i32 25) to i64*), align 8 %119 = inttoptr i64 %118 to %struct.neigh_hash_table.630880* %120 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 2, i64 0 %121 = ptrtoint %struct.net_device.631313* %112 to i64 
%122 = lshr i64 %121, 32 %123 = xor i64 %122, %121 %124 = trunc i64 %123 to i32 %125 = xor i32 %117, %124 %126 = load i32, i32* %120, align 4 %127 = mul i32 %125, %126 %128 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 1 %129 = load i32, i32* %128, align 8 %130 = sub i32 32, %129 %131 = lshr i32 %127, %130 %132 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 0 %133 = load %struct.neighbour.630884**, %struct.neighbour.630884*** %132, align 8 %134 = zext i32 %131 to i64 %135 = getelementptr %struct.neighbour.630884*, %struct.neighbour.630884** %133, i64 %134 %136 = bitcast %struct.neighbour.630884** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = inttoptr i64 %137 to %struct.neighbour.630884* %139 = icmp eq i64 %137, 0 br i1 %139, label %156, label %140 %141 = phi %struct.neighbour.630884* [ %154, %151 ], [ %138, %110 ] %142 = phi i64 [ %153, %151 ], [ %137, %110 ] %143 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 22 %144 = load %struct.net_device.631313*, %struct.net_device.631313** %143, align 8 %145 = icmp eq %struct.net_device.631313* %144, %112 br i1 %145, label %146, label %151 %147 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 23, i64 0 %148 = bitcast i8* %147 to i32* %149 = load i32, i32* %148, align 8 %150 = icmp eq i32 %149, %117 br i1 %150, label %156, label %151 %157 = phi %struct.neighbour.630884* [ %138, %110 ], [ %141, %146 ] %158 = icmp eq %struct.neighbour.630884* %157, null br i1 %158, label %176, label %159 %160 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %157, i64 0, i32 6, i32 0, i32 0 %161 = load volatile i32, i32* %160, align 4 %162 = icmp eq i32 %161, 0 br i1 %162, label %176, label %163, !prof !6, !misexpect !7 %164 = phi i32 [ %174, %173 ], [ %161, %159 ] %165 = icmp ult i32 
%164, 2147483647 br i1 %165, label %167, label %166, !prof !8, !misexpect !7 %168 = add nuw nsw i32 %164, 1 %169 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %160, i32 %168, i32* %160, i32 %164) #6, !srcloc !10 %170 = extractvalue { i8, i32 } %169, 0 %171 = and i8 %170, 1 %172 = icmp eq i8 %171, 0 br i1 %172, label %173, label %179, !prof !6, !misexpect !7 tail call fastcc void @local_bh_enable.56947() #69 br label %180 %181 = phi %struct.neighbour.630884* [ %157, %179 ], [ %178, %176 ] %182 = bitcast %struct.neighbour.630884* %181 to i8* %183 = icmp ugt %struct.neighbour.630884* %181, inttoptr (i64 -4096 to %struct.neighbour.630884*) br i1 %183, label %289, label %184 %185 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %47, i64 0, i32 33, i32 10 %202 = load i8, i8* %201, align 8, !range !11 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %207 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %7, i64 0, i32 5 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %47, i64 0, i32 33, i32 12 %209 = bitcast %struct.fib_table** %208 to i64* %210 = load volatile i64, i64* %209, align 8 %211 = icmp eq i64 %210, 0 br i1 %211, label %216, label %212 %213 = inttoptr i64 %210 to %struct.fib_table* %214 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %213, %struct.flowi4* %2, %struct.fib_result.631327* nonnull %7, i32 1) #69 ------------- Use: =BAD 
PATH= Call Stack: 0 __ip_do_redirect 1 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 39 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.631313*, %struct.net_device.631313** %9, align 8 %11 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.631192* %1, null br i1 %20, label %50, label %21 %51 = phi i32 [ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i32 %55, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* %75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 call fastcc void @__ip_do_redirect(%struct.rtable.631321* %56, %struct.sk_buff.631221* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.631327, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 32 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, 
i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 33 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.631313*, %struct.net_device.631313** %28, align 8 %30 = bitcast %struct.fib_result.631327* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %289 %36 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = icmp eq i32 %37, %27 br i1 %38, label %39, label %289 %40 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 67 %41 = bitcast %struct.in_device.631272** %40 to i64* %42 = load volatile i64, i64* %41, align 8 %43 = inttoptr i64 %42 to %struct.in_device.631272* %44 = icmp eq i64 %42, 0 br i1 %44, label %289, label %45 %46 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 107, i32 0 %47 = load %struct.net.630923*, %struct.net.630923** %46, align 8 %48 = icmp eq i32 %19, %27 br i1 %48, label %259, label %49 %50 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 0 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 %53 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 0 %54 = load %struct.net_device.631313*, %struct.net_device.631313** %53, align 8 
%55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.630923*, %struct.net.630923** %55, align 8 %57 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %56, i64 0, i32 33, i32 5 %58 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %57, align 8 %59 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 3 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, 0 br i1 %52, label %67, label %62 br i1 %61, label %259, label %63 %64 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 3 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %259, label %72 %73 = and i32 %19, 240 %74 = icmp eq i32 %73, 224 %75 = icmp eq i32 %19, -1 %76 = or i1 %75, %74 %77 = and i32 %19, 255 %78 = icmp eq i32 %77, 0 %79 = or i1 %78, %76 br i1 %79, label %259, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 @inet_addr_type(%struct.net.630923* %47, i32 %19) #69 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %259 %111 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.631313*, %struct.net_device.631313** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %112, i64 0, 
i32 34 %114 = load i32, i32* %113, align 8 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.630880** getelementptr inbounds (%struct.neigh_table.630881, %struct.neigh_table.630881* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.650242*, i32*)*, i1 (%struct.neighbour.649831*, i8*)*, i32 (%struct.neighbour.649831*)*, i32 (%struct.pneigh_entry.649818*)*, void (%struct.pneigh_entry.649818*)*, void (%struct.sk_buff.650150*)*, i8*, %struct.neigh_parms.649819, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.649822, %struct.kuid_t, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.649827*, %struct.pneigh_entry.649818** }* @arp_tbl to %struct.neigh_table.630881*), i64 0, i32 25) to i64*), align 8 %119 = inttoptr i64 %118 to %struct.neigh_hash_table.630880* %120 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 2, i64 0 %121 = ptrtoint %struct.net_device.631313* %112 to i64 %122 = lshr i64 %121, 32 %123 = xor i64 %122, %121 %124 = trunc i64 %123 to i32 %125 = xor i32 %117, %124 %126 = load i32, i32* %120, align 4 %127 = mul i32 %125, %126 %128 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 1 %129 = load i32, i32* %128, align 8 %130 = sub i32 32, %129 %131 = lshr i32 %127, %130 %132 = getelementptr inbounds %struct.neigh_hash_table.630880, %struct.neigh_hash_table.630880* %119, i64 0, i32 0 %133 = load %struct.neighbour.630884**, %struct.neighbour.630884*** %132, align 8 %134 = zext i32 %131 to i64 %135 = getelementptr %struct.neighbour.630884*, %struct.neighbour.630884** %133, i64 %134 %136 = bitcast %struct.neighbour.630884** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = inttoptr i64 %137 to %struct.neighbour.630884* %139 = icmp eq i64 
%137, 0 br i1 %139, label %156, label %140 %141 = phi %struct.neighbour.630884* [ %154, %151 ], [ %138, %110 ] %142 = phi i64 [ %153, %151 ], [ %137, %110 ] %143 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 22 %144 = load %struct.net_device.631313*, %struct.net_device.631313** %143, align 8 %145 = icmp eq %struct.net_device.631313* %144, %112 br i1 %145, label %146, label %151 %147 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %141, i64 0, i32 23, i64 0 %148 = bitcast i8* %147 to i32* %149 = load i32, i32* %148, align 8 %150 = icmp eq i32 %149, %117 br i1 %150, label %156, label %151 %157 = phi %struct.neighbour.630884* [ %138, %110 ], [ %141, %146 ] %158 = icmp eq %struct.neighbour.630884* %157, null br i1 %158, label %176, label %159 %160 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %157, i64 0, i32 6, i32 0, i32 0 %161 = load volatile i32, i32* %160, align 4 %162 = icmp eq i32 %161, 0 br i1 %162, label %176, label %163, !prof !6, !misexpect !7 %164 = phi i32 [ %174, %173 ], [ %161, %159 ] %165 = icmp ult i32 %164, 2147483647 br i1 %165, label %167, label %166, !prof !8, !misexpect !7 %168 = add nuw nsw i32 %164, 1 %169 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %160, i32 %168, i32* %160, i32 %164) #6, !srcloc !10 %170 = extractvalue { i8, i32 } %169, 0 %171 = and i8 %170, 1 %172 = icmp eq i8 %171, 0 br i1 %172, label %173, label %179, !prof !6, !misexpect !7 tail call fastcc void @local_bh_enable.56947() #69 br label %180 %181 = phi %struct.neighbour.630884* [ %157, %179 ], [ %178, %176 ] %182 = bitcast %struct.neighbour.630884* %181 to i8* %183 = icmp ugt %struct.neighbour.630884* %181, inttoptr (i64 -4096 to %struct.neighbour.630884*) br 
i1 %183, label %289, label %184 %185 = getelementptr inbounds %struct.neighbour.630884, %struct.neighbour.630884* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %47, i64 0, i32 33, i32 10 %202 = load i8, i8* %201, align 8, !range !11 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %207 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %7, i64 0, i32 5 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %47, i64 0, i32 33, i32 12 %209 = bitcast %struct.fib_table** %208 to i64* %210 = load volatile i64, i64* %209, align 8 %211 = icmp eq i64 %210, 0 br i1 %211, label %216, label %212 %213 = inttoptr i64 %210 to %struct.fib_table* %214 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %213, %struct.flowi4* %2, %struct.fib_result.631327* nonnull %7, i32 1) #69 %215 = icmp eq i32 %214, 0 br i1 %215, label %229, label %216 %217 = phi i32 [ %214, %212 ], [ -101, %206 ] %218 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %47, i64 0, i32 33, i32 13 %219 = bitcast %struct.fib_table** %218 to i64* %220 = load volatile i64, i64* %219, align 8 %221 = icmp eq i64 %220, 0 br i1 %221, label %225, label %222 %223 = inttoptr i64 %220 to %struct.fib_table* %224 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %223, %struct.flowi4* %2, %struct.fib_result.631327* nonnull %7, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ip_rt_update_pmtu 1 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.631221* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.631221, 
%struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.631313*, %struct.net_device.631313** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 38 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 33 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %11, i64 0, i32 22 %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.631192* %1, null br i1 %27, label %57, label %28 %29 = bitcast %struct.sock.631192* %1 to %struct.inet_sock.631352* %30 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 30 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.631352, %struct.inet_sock.631352* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.631164** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %53 %49 = getelementptr inbounds 
%struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 42 %50 = load i32, i32* %49, align 8 %51 = lshr i32 %50, 8 %52 = trunc i32 %51 to i8 br label %53 %54 = phi i8 [ -1, %28 ], [ %52, %48 ] %55 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 52, i32 0 %56 = load i32, i32* %55, align 8 br label %57 %58 = phi i32 [ %31, %53 ], [ %19, %9 ] %59 = phi i8 [ %42, %53 ], [ %22, %9 ] %60 = phi i8 [ %54, %53 ], [ %24, %9 ] %61 = phi i32 [ %33, %53 ], [ %26, %9 ] %62 = phi i32 [ %56, %53 ], [ 0, %9 ] %63 = getelementptr inbounds i8, i8* %17, i64 16 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds i8, i8* %17, i64 12 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %58, i32* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %61, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %59, i8* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %73, align 1 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %60, i8* %74, align 2 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %77, align 8 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i32 %62, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, 
i64 0, i32 2 store i32 %65, i32* %79, align 4 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %68, i32* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %82 = bitcast %struct.kuid_t* %81 to %struct.nlattr* %83 = bitcast %struct.kuid_t* %81 to i16* store i16 0, i16* %83, align 8 %84 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %82, i64 0, i32 1 store i16 0, i16* %84, align 2 br label %151 %152 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.631321* %152, %struct.flowi4* nonnull %6, i32 %3) #69 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.631313*, %struct.net_device.631313** %5, align 8 %7 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %6, i64 0, i32 107, i32 0 %8 = load %struct.net.630923*, %struct.net.630923** %7, align 8 %9 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 8 %10 = load i32, i32* %9, align 4 %11 = lshr i32 %10, 1 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 %14 = load volatile i64, i64* @jiffies, align 64 %15 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = sub i64 %14, %16 %18 = icmp sgt i64 %17, -1 br i1 %18, label %19, label %43 %44 = phi i32 [ %25, %19 ], [ %29, %32 ], [ %42, %36 ], [ %11, %13 ] %45 = icmp ult i32 %44, 65535 %46 = select i1 %45, i32 %44, i32 65535 %47 = bitcast %struct.fib_result.631327* %4 to i8* %48 = and i32 %10, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %126 %51 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 2 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -4 %54 = inttoptr i64 %53 
to i32* %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 4 %57 = icmp ne i32 %56, 0 %58 = icmp ult i32 %46, %2 %59 = or i1 %58, %57 br i1 %59, label %126, label %60 %61 = load i32, i32* @ip_rt_min_pmtu, align 4 %62 = icmp ugt i32 %61, %2 %63 = icmp ult i32 %46, %61 %64 = select i1 %63, i32 %46, i32 %61 %65 = select i1 %62, i32 %64, i32 %2 %66 = icmp ne i32 %11, %65 %67 = or i1 %62, %66 br i1 %67, label %78, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %79 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %8, i64 0, i32 33, i32 10 %80 = load i8, i8* %79, align 8, !range !7 %81 = icmp eq i8 %80, 0 br i1 %81, label %84, label %82 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %85 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %4, i64 0, i32 5 store i32 0, i32* %85, align 8 %86 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %8, i64 0, i32 33, i32 12 %87 = bitcast %struct.fib_table** %86 to i64* %88 = load volatile i64, i64* %87, align 8 %89 = icmp eq i64 %88, 0 br i1 %89, label %94, label %90 %91 = inttoptr i64 %88 to %struct.fib_table* %92 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %91, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ip_rt_update_pmtu 1 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.631221* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.631313*, %struct.net_device.631313** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 38 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds 
%struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 33 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %11, i64 0, i32 22 %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.631192* %1, null br i1 %27, label %57, label %28 %29 = bitcast %struct.sock.631192* %1 to %struct.inet_sock.631352* %30 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 30 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.631352, %struct.inet_sock.631352* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.631164** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %53 %49 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 42 %50 = load i32, i32* %49, align 8 %51 = lshr i32 %50, 8 %52 = trunc i32 %51 to i8 br label %53 %54 = phi i8 [ -1, %28 ], [ %52, %48 ] %55 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %1, i64 0, i32 52, i32 0 %56 = load i32, i32* 
%55, align 8 br label %57 %58 = phi i32 [ %31, %53 ], [ %19, %9 ] %59 = phi i8 [ %42, %53 ], [ %22, %9 ] %60 = phi i8 [ %54, %53 ], [ %24, %9 ] %61 = phi i32 [ %33, %53 ], [ %26, %9 ] %62 = phi i32 [ %56, %53 ], [ 0, %9 ] %63 = getelementptr inbounds i8, i8* %17, i64 16 %64 = bitcast i8* %63 to i32* %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds i8, i8* %17, i64 12 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %58, i32* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %61, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %59, i8* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %73, align 1 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %60, i8* %74, align 2 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %77, align 8 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i32 %62, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %65, i32* %79, align 4 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %68, i32* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %82 = bitcast %struct.kuid_t* %81 to %struct.nlattr* %83 = bitcast 
%struct.kuid_t* %81 to i16* store i16 0, i16* %83, align 8 %84 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %82, i64 0, i32 1 store i16 0, i16* %84, align 2 br label %151 %152 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.631321* %152, %struct.flowi4* nonnull %6, i32 %3) #69 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.631313*, %struct.net_device.631313** %5, align 8 %7 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %6, i64 0, i32 107, i32 0 %8 = load %struct.net.630923*, %struct.net.630923** %7, align 8 %9 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 8 %10 = load i32, i32* %9, align 4 %11 = lshr i32 %10, 1 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 %14 = load volatile i64, i64* @jiffies, align 64 %15 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = sub i64 %14, %16 %18 = icmp sgt i64 %17, -1 br i1 %18, label %19, label %43 %44 = phi i32 [ %25, %19 ], [ %29, %32 ], [ %42, %36 ], [ %11, %13 ] %45 = icmp ult i32 %44, 65535 %46 = select i1 %45, i32 %44, i32 65535 %47 = bitcast %struct.fib_result.631327* %4 to i8* %48 = and i32 %10, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %126 %51 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 0, i32 2 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -4 %54 = inttoptr i64 %53 to i32* %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 4 %57 = icmp ne i32 %56, 0 %58 = icmp ult i32 %46, %2 %59 = or i1 %58, %57 br i1 %59, label %126, label %60 %61 = load i32, i32* @ip_rt_min_pmtu, align 4 %62 = icmp ugt i32 %61, %2 %63 = icmp ult i32 %46, %61 %64 = select i1 %63, i32 %46, 
i32 %61 %65 = select i1 %62, i32 %64, i32 %2 %66 = icmp ne i32 %11, %65 %67 = or i1 %62, %66 br i1 %67, label %78, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %79 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %8, i64 0, i32 33, i32 10 %80 = load i8, i8* %79, align 8, !range !7 %81 = icmp eq i8 %80, 0 br i1 %81, label %84, label %82 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %85 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %4, i64 0, i32 5 store i32 0, i32* %85, align 8 %86 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %8, i64 0, i32 33, i32 12 %87 = bitcast %struct.fib_table** %86 to i64* %88 = load volatile i64, i64* %87, align 8 %89 = icmp eq i64 %88, 0 br i1 %89, label %94, label %90 %91 = inttoptr i64 %88 to %struct.fib_table* %92 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %91, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, i32 1) #69 %93 = icmp eq i32 %92, 0 br i1 %93, label %107, label %94 %95 = phi i32 [ %92, %90 ], [ -101, %84 ] %96 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %8, i64 0, i32 33, i32 13 %97 = bitcast %struct.fib_table** %96 to i64* %98 = load volatile i64, i64* %97, align 8 %99 = icmp eq i64 %98, 0 br i1 %99, label %103, label %100 %101 = inttoptr i64 %98 to %struct.fib_table* %102 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %101, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_route_output_key_hash_rcu 1 ip_route_output_flow 2 ipip6_tunnel_bind_dev 3 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = 
getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 
0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, 
label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %76 = load i32, i32* %7, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %90 %79 = and i32 %61, 240 %80 = icmp eq i32 %79, 224 br i1 %80, label %81, label %86 %87 = icmp eq i32 %61, 0 br i1 %87, label %88, label %90 %91 = phi %struct.net_device.631313* [ %47, %75 ], [ %47, %81 ], [ %47, %86 ], [ %47, %88 ], [ null, %43 ] %92 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %93 = load i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %103 %104 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 10 %105 = load i8, i8* %104, align 8, !range !4 %106 = icmp eq i8 %105, 0 br i1 %106, label %109, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %110 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %110, align 8 %111 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 12 %112 = bitcast %struct.fib_table** %111 to i64* %113 = load 
volatile i64, i64* %112, align 8 %114 = icmp eq i64 %113, 0 br i1 %114, label %119, label %115 %116 = inttoptr i64 %113 to %struct.fib_table* %117 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %116, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_route_output_key_hash_rcu 1 ip_route_output_flow 2 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 
%35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = 
getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) 
- .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label 
%154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void 
(%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 
= load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label 
%70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %76 = load i32, i32* %7, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %90 %79 = and i32 %61, 240 %80 = icmp eq i32 %79, 224 br i1 %80, label %81, label %86 %87 = icmp eq i32 %61, 0 br i1 %87, label %88, label %90 %91 = phi %struct.net_device.631313* [ %47, %75 ], [ %47, %81 ], [ %47, %86 ], [ %47, %88 ], [ null, %43 ] %92 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %93 = load i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %103 %104 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 10 %105 = load i8, i8* %104, align 8, !range !4 %106 = icmp eq i8 %105, 0 br i1 %106, label %109, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %110 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %110, align 8 %111 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 12 %112 = bitcast %struct.fib_table** %111 to i64* %113 = load volatile i64, i64* %112, align 8 %114 = icmp eq i64 %113, 0 br i1 %114, label %119, label %115 %116 = inttoptr i64 %113 to %struct.fib_table* %117 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %116, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_route_output_key_hash_rcu 1 ip_route_output_flow 2 ipip6_tunnel_bind_dev 3 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds 
%struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, 
i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = 
getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %76 = load i32, i32* %7, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %90 %79 = and i32 %61, 240 %80 = icmp eq i32 %79, 224 br i1 %80, label %81, label %86 %87 = icmp eq i32 %61, 0 br i1 %87, label %88, label %90 %91 = phi %struct.net_device.631313* [ %47, %75 ], [ %47, %81 ], [ %47, %86 ], [ %47, %88 ], [ null, %43 ] %92 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %93 = load i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %103 %104 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 10 %105 = load i8, i8* %104, align 8, !range !4 %106 = icmp eq i8 %105, 0 br i1 %106, label %109, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %110 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %110, align 8 %111 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 12 %112 = bitcast %struct.fib_table** %111 to i64* %113 = load volatile i64, i64* %112, 
align 8 %114 = icmp eq i64 %113, 0 br i1 %114, label %119, label %115 %116 = inttoptr i64 %113 to %struct.fib_table* %117 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %116, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %132, label %119 %120 = phi i32 [ %117, %115 ], [ -101, %109 ] %121 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 13 %122 = bitcast %struct.fib_table** %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = icmp eq i64 %123, 0 br i1 %124, label %128, label %125 %126 = inttoptr i64 %123 to %struct.fib_table* %127 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %126, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_route_output_key_hash_rcu 1 ip_route_output_flow 2 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds 
%struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label 
%86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, 
%struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load 
%struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection 
.discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 
%11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq 
i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %76 = load i32, i32* %7, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %90 %79 = and i32 %61, 240 %80 = icmp eq i32 %79, 224 br i1 %80, label %81, label %86 %87 = icmp eq i32 %61, 0 br i1 %87, label %88, label %90 %91 = phi %struct.net_device.631313* [ %47, %75 ], [ %47, %81 ], [ %47, %86 ], [ %47, %88 ], [ null, %43 ] %92 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %93 = load i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %103 %104 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 10 %105 = load i8, i8* %104, align 8, !range !4 %106 = icmp eq i8 %105, 0 br i1 %106, label %109, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %110 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %110, align 8 %111 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 12 %112 = bitcast %struct.fib_table** %111 to i64* %113 = load volatile i64, i64* %112, align 8 %114 = icmp eq i64 %113, 0 br i1 %114, label %119, label %115 %116 = inttoptr i64 %113 to %struct.fib_table* %117 = tail call i32 
@fib_table_lookup(%struct.fib_table* nonnull %116, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %132, label %119 %120 = phi i32 [ %117, %115 ], [ -101, %109 ] %121 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 13 %122 = bitcast %struct.fib_table** %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = icmp eq i64 %123, 0 br i1 %124, label %128, label %125 %126 = inttoptr i64 %123 to %struct.fib_table* %127 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %126, %struct.flowi4* %1, %struct.fib_result.631327* %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 inet_addr_type_dev_table 1 __inet6_bind ------------- Path:  Function:__inet6_bind %6 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %0, i64 0, i32 0, i32 4 %7 = load volatile i8, i8* %6, align 2 %8 = zext i8 %7 to i32 %9 = shl nuw i32 1, %8 %10 = and i32 %9, -4161 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12 %17 = phi i8* [ %15, %12 ], [ null, %5 ] %18 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %0, i64 0, i32 0, i32 9, i32 0 %19 = load %struct.net.630923*, %struct.net.630923** %18, align 8 %20 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 4 %22 = icmp eq i16 %21, 10 br i1 %22, label %23, label %220 %24 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %25 = bitcast i8* %24 to %struct.in6_addr* %26 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %25) #69 %27 = and i32 %26, 65535 %28 = and i32 %26, 2 %29 = icmp eq i32 %28, 0 br i1 %29, label %35, label %30 %36 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1 %37 = bitcast [14 x i8]* %36 to i16* %38 = load i16, i16* %37, align 2 %40 = icmp eq i16 %38, 0 br i1 %40, label %50, label %41 br i1 %4, label %51, label %52 tail 
call void bitcast (void (%struct.sock.230350*, i32)* @lock_sock_nested to void (%struct.sock.631192*, i32)*)(%struct.sock.631192* %0, i32 0) #69 br label %52 %53 = load volatile i8, i8* %6, align 2 %54 = icmp eq i8 %53, 7 br i1 %54, label %55, label %215 %56 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %0, i64 0, i32 0, i32 2 %57 = bitcast %struct.kuid_t* %56 to %struct.nlattr* %58 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %57, i64 0, i32 1 %59 = load i16, i16* %58, align 2 %60 = icmp eq i16 %59, 0 br i1 %60, label %61, label %215 %62 = trunc i32 %26 to i16 switch i16 %62, label %103 [ i16 4096, label %63 i16 0, label %148 ] %64 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %0, i64 0, i32 0, i32 5 %65 = load i8, i8* %64, align 1 %66 = and i8 %65, 32 %67 = icmp eq i8 %66, 0 br i1 %67, label %68, label %215 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %69 = getelementptr inbounds %struct.sock.631192, %struct.sock.631192* %0, i64 0, i32 0, i32 6 %70 = load i32, i32* %69, align 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %19, i32 %70) #69 %74 = icmp eq %struct.net_device.631313* %73, null br i1 %74, label %218, label %75 %76 = phi %struct.net_device.631313* [ %73, %72 ], [ null, %68 ] %77 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 18 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = tail call i32 @inet_addr_type_dev_table(%struct.net.630923* %19, %struct.net_device.631313* %76, i32 %79) #69 Function:inet_addr_type_dev_table %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.fib_result.631327, align 8 %6 = bitcast %struct.flowi4* %4 to i8* %7 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 2 store i32 %2, i32* %7, align 4 %8 = bitcast %struct.fib_result.631327* %5 to i8* %9 = and i32 %2, 255 %10 = icmp eq i32 %9, 0 %11 = icmp eq i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %47, label %13 %14 = and i32 %2, 240 %15 = icmp eq i32 %14, 224 br i1 %15, label %47, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 15 %18 = load %struct.hlist_head*, %struct.hlist_head** %17, align 8 %19 = getelementptr %struct.hlist_head, %struct.hlist_head* %18, i64 255, i32 0 %20 = bitcast %struct.hlist_node** %19 to i64* %21 = load volatile i64, i64* %20, align 8 %22 = inttoptr i64 %21 to %struct.fib_table* %23 = icmp eq i64 %21, 0 br i1 %23, label %35, label %24 %25 = phi %struct.fib_table* [ %33, %30 ], [ %22, %16 ] %26 = phi i64 [ %32, %30 ], [ %21, %16 ] %27 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %25, i64 0, i32 1 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 255 br i1 %29, label %35, label %30 %36 = phi %struct.fib_table* [ %22, %16 ], [ %25, %24 ] %37 = icmp eq %struct.fib_table* %36, null br i1 %37, label %45, label %38 %39 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %36, %struct.flowi4* nonnull %4, %struct.fib_result.631327* nonnull %5, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 inet_addr_type 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 39 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.631313*, %struct.net_device.631313** %9, align 8 %11 = 
getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %2, i64 0, i32 26, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.631192* %1, null br i1 %20, label %50, label %21 %51 = phi i32 [ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i32 %55, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* %75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 call fastcc void @__ip_do_redirect(%struct.rtable.631321* %56, %struct.sk_buff.631221* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.631327, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 32 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 33 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds 
%struct.sk_buff.631221, %struct.sk_buff.631221* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.631313*, %struct.net_device.631313** %28, align 8 %30 = bitcast %struct.fib_result.631327* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %289 %36 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = icmp eq i32 %37, %27 br i1 %38, label %39, label %289 %40 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 67 %41 = bitcast %struct.in_device.631272** %40 to i64* %42 = load volatile i64, i64* %41, align 8 %43 = inttoptr i64 %42 to %struct.in_device.631272* %44 = icmp eq i64 %42, 0 br i1 %44, label %289, label %45 %46 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %29, i64 0, i32 107, i32 0 %47 = load %struct.net.630923*, %struct.net.630923** %46, align 8 %48 = icmp eq i32 %19, %27 br i1 %48, label %259, label %49 %50 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 0 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 %53 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 0 %54 = load %struct.net_device.631313*, %struct.net_device.631313** %53, align 8 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.630923*, %struct.net.630923** %55, align 8 %57 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %56, i64 0, i32 33, i32 5 %58 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %57, align 8 %59 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 3 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, 0 br i1 %52, label %67, label %62 br i1 %61, label %259, label 
%63 %64 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 3 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %259, label %72 %73 = and i32 %19, 240 %74 = icmp eq i32 %73, 224 %75 = icmp eq i32 %19, -1 %76 = or i1 %75, %74 %77 = and i32 %19, 255 %78 = icmp eq i32 %77, 0 %79 = or i1 %78, %76 br i1 %79, label %259, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %58, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %43, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 @inet_addr_type(%struct.net.630923* %47, i32 %19) #69 Function:inet_addr_type %3 = alloca %struct.flowi4, align 8 %4 = alloca %struct.fib_result.631327, align 8 %5 = bitcast %struct.flowi4* %3 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %1, i32* %6, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = and i32 %1, 255 %9 = icmp eq i32 %8, 0 %10 = icmp eq i32 %1, -1 %11 = or i1 %10, %9 br i1 %11, label %46, label %12 %13 = and i32 %1, 240 %14 = icmp eq i32 %13, 224 br i1 %14, label %46, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 15 %17 = load %struct.hlist_head*, %struct.hlist_head** %16, align 8 %18 = getelementptr %struct.hlist_head, %struct.hlist_head* %17, i64 255, i32 0 %19 = bitcast %struct.hlist_node** %18 to i64* %20 = load volatile i64, i64* %19, align 8 %21 = inttoptr i64 %20 to %struct.fib_table* %22 = icmp eq i64 %20, 0 br i1 %22, label %34, label %23 %24 = phi %struct.fib_table* [ %32, %29 ], [ %21, %15 ] %25 = phi i64 [ %31, %29 ], [ %20, %15 ] %26 = getelementptr 
inbounds %struct.fib_table, %struct.fib_table* %24, i64 0, i32 1 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 255 br i1 %28, label %34, label %29 %35 = phi %struct.fib_table* [ %21, %15 ], [ %24, %23 ] %36 = icmp eq %struct.fib_table* %35, null br i1 %36, label %44, label %37 %38 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %35, %struct.flowi4* nonnull %3, %struct.fib_result.631327* nonnull %4, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 inet_addr_type 1 __ip_options_compile 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 39 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 7 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 
4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.631313*, %struct.net_device.631313** %78, align 8 %80 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.630923*, 
%struct.net.630923** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.630923* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.631221* %0, i32* null) #69 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.631221* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.631321* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.631321* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label 
%376, label %93, !prof !4, !misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %192 = load i8, i8* %36, align 1 %193 = icmp eq i8 %192, 0 br i1 %193, label %194, label %376 %195 = icmp ult i8 %95, 4 br i1 %195, label %366, label %196 %197 = getelementptr i8, i8* %47, i64 2 %198 = load i8, i8* %197, align 1 %199 = zext i8 %198 to i32 %200 = icmp ult i8 %198, 5 br i1 %200, label %376, label %201 %202 = icmp ugt i8 %198, %95 br i1 %202, label %292, label %203 %204 = add nuw nsw i32 %199, 3 %205 = icmp ugt i32 %204, %96 br i1 %205, label %376, label %206 %207 = getelementptr i8, i8* %47, i64 3 %208 = load i8, i8* %207, align 1 %209 = and i8 %208, 15 %210 = zext i8 %209 to i32 switch i32 %210, label %266 [ i32 0, label %211 i32 1, label %219 i32 3, label %244 ] %245 = add nuw nsw i32 %199, 7 %246 = icmp ugt i32 %245, %96 br i1 %246, label %376, label %247 %248 = add nsw i32 %199, -1 %249 = zext i32 %248 to i64 %250 = getelementptr i8, i8* %47, i64 %249 %251 = bitcast i8* %250 to i32* %252 = load i32, i32* %251, align 1 %253 = call i32 @inet_addr_type(%struct.net.630923* %0, i32 %252) #69 Function:inet_addr_type %3 = alloca %struct.flowi4, align 8 %4 = alloca %struct.fib_result.631327, align 8 %5 = bitcast %struct.flowi4* %3 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %1, i32* %6, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = and i32 %1, 255 %9 = icmp eq i32 %8, 0 %10 = icmp eq i32 %1, -1 %11 = or i1 %10, %9 br i1 %11, label %46, label %12 %13 = and i32 %1, 240 %14 = icmp eq i32 %13, 224 br i1 %14, label %46, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %16 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 33, i32 15 %17 = load %struct.hlist_head*, %struct.hlist_head** %16, align 8 %18 = getelementptr %struct.hlist_head, %struct.hlist_head* %17, i64 255, i32 0 %19 = bitcast %struct.hlist_node** %18 to i64* %20 = load volatile i64, i64* %19, align 8 %21 = inttoptr i64 %20 to %struct.fib_table* %22 = icmp eq i64 %20, 0 br i1 %22, label %34, label %23 %24 = phi %struct.fib_table* [ %32, %29 ], [ %21, %15 ] %25 = phi i64 [ %31, %29 ], [ %20, %15 ] %26 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %24, i64 0, i32 1 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 255 br i1 %28, label %34, label %29 %35 = phi %struct.fib_table* [ %21, %15 ], [ %24, %23 ] %36 = icmp eq %struct.fib_table* %35, null br i1 %36, label %44, label %37 %38 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %35, %struct.flowi4* nonnull %3, %struct.fib_result.631327* nonnull %4, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 fib_compute_spec_dst 1 __ip_options_compile 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 39 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 7 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.631221, 
%struct.sk_buff.631221* %0, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] 
%76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.631313*, %struct.net_device.631313** %78, align 8 %80 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.630923*, %struct.net.630923** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.630923* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.631221* %0, i32* null) #69 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.631221* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.631321* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.631321* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, 
i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label %376, label %93, !prof !4, !misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %142 = load i8, i8* %39, align 2 %143 = icmp eq i8 %142, 0 br i1 %143, label %144, label %376 %145 = icmp ult i8 %95, 3 br i1 %145, label %360, label %146 %147 = getelementptr i8, i8* %47, i64 2 %148 = load i8, i8* %147, align 1 %149 = zext i8 %148 to i32 %150 = icmp ult i8 %148, 4 br i1 %150, label %362, label %151 %152 = icmp ugt i8 %148, %95 br i1 %152, label %186, label %153 %154 = add nuw nsw i32 %149, 3 %155 = icmp ugt i32 %154, %96 br i1 %155, label %364, label %156 br i1 %38, label %177, label %157 %158 = icmp eq i32 %45, 0 br i1 %158, label %159, label %164 %160 = call i32 @fib_compute_spec_dst(%struct.sk_buff.631221* %2) #69 Function:fib_compute_spec_dst %2 = alloca %struct.fib_result.631327, align 8 %3 = alloca %struct.flowi4, align 8 %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %5 = load %struct.net_device.631313*, %struct.net_device.631313** %4, align 8 %6 = bitcast %struct.fib_result.631327* %2 to i8* %7 = getelementptr inbounds 
%struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 4, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rtable.631321* %11 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %10, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, -1342177280 %14 = icmp eq i32 %13, -2147483648 br i1 %14, label %15, label %25 %26 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %5, i64 0, i32 67 %27 = bitcast %struct.in_device.631272** %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = inttoptr i64 %28 to %struct.in_device.631272* %30 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %5, i64 0, i32 107, i32 0 %31 = load %struct.net.630923*, %struct.net.630923** %30, align 8 %32 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %33 = load i8*, i8** %32, align 8 %34 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %35 = load i16, i16* %34, align 4 %36 = zext i16 %35 to i64 %37 = getelementptr i8, i8* %33, i64 %36 %38 = getelementptr inbounds i8, i8* %37, i64 12 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 255 %42 = icmp eq i32 %41, 0 br i1 %42, label %145, label %43 %44 = icmp eq i64 %28, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %29, i64 0, i32 0 %47 = load %struct.net_device.631313*, %struct.net_device.631313** %46, align 8 %48 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 107, i32 0 %49 = load %struct.net.630923*, %struct.net.630923** %48, align 8 %50 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %49, i64 0, i32 33, i32 5 %51 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %50, align 8 %52 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %51, i64 0, 
i32 1, i64 23 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %59 %60 = phi i1 [ false, %43 ], [ true, %45 ], [ %58, %55 ] %61 = bitcast %struct.flowi4* %3 to i8* %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 0, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %60, label %65, label %68 %69 = phi i32 [ %67, %65 ], [ 0, %59 ] store i32 %69, i32* %64, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %71 = getelementptr inbounds i8, i8* %37, i64 1 %72 = load i8, i8* %71, align 1 %73 = and i8 %72, 28 store i8 %73, i8* %70, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %77, align 8 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %79 = load i32, i32* %39, align 4 store i32 %79, i32* %78, align 4 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %80, align 8 %81 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %31, i64 0, i32 33, i32 10 %82 = load i8, i8* %81, align 8, !range !4 %83 = icmp eq i8 %82, 0 br i1 %83, label %86, label %84 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %87 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds 
%struct.net.630923, %struct.net.630923* %31, i64 0, i32 33, i32 12 %89 = bitcast %struct.fib_table** %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = icmp eq i64 %90, 0 br i1 %91, label %96, label %92 %93 = inttoptr i64 %90 to %struct.fib_table* %94 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %93, %struct.flowi4* nonnull %3, %struct.fib_result.631327* nonnull %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 fib_compute_spec_dst 1 __ip_options_compile 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 39 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 7 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to 
i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.631221*, i32)*)(%struct.sk_buff.631221* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.631313*, %struct.net_device.631313** %78, align 8 %80 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.630923*, %struct.net.630923** %80, align 8 
%82 = call i32 @__ip_options_compile(%struct.net.630923* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.631221* %0, i32* null) #69 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.631221* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.631321* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.631321* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label %376, label %93, !prof !4, 
!misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %142 = load i8, i8* %39, align 2 %143 = icmp eq i8 %142, 0 br i1 %143, label %144, label %376 %145 = icmp ult i8 %95, 3 br i1 %145, label %360, label %146 %147 = getelementptr i8, i8* %47, i64 2 %148 = load i8, i8* %147, align 1 %149 = zext i8 %148 to i32 %150 = icmp ult i8 %148, 4 br i1 %150, label %362, label %151 %152 = icmp ugt i8 %148, %95 br i1 %152, label %186, label %153 %154 = add nuw nsw i32 %149, 3 %155 = icmp ugt i32 %154, %96 br i1 %155, label %364, label %156 br i1 %38, label %177, label %157 %158 = icmp eq i32 %45, 0 br i1 %158, label %159, label %164 %160 = call i32 @fib_compute_spec_dst(%struct.sk_buff.631221* %2) #69 Function:fib_compute_spec_dst %2 = alloca %struct.fib_result.631327, align 8 %3 = alloca %struct.flowi4, align 8 %4 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %5 = load %struct.net_device.631313*, %struct.net_device.631313** %4, align 8 %6 = bitcast %struct.fib_result.631327* %2 to i8* %7 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 4, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rtable.631321* %11 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %10, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, -1342177280 %14 = icmp eq i32 %13, -2147483648 br i1 %14, label %15, label %25 %26 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %5, i64 0, i32 67 %27 = bitcast %struct.in_device.631272** %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = 
inttoptr i64 %28 to %struct.in_device.631272* %30 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %5, i64 0, i32 107, i32 0 %31 = load %struct.net.630923*, %struct.net.630923** %30, align 8 %32 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 38 %33 = load i8*, i8** %32, align 8 %34 = getelementptr inbounds %struct.sk_buff.631221, %struct.sk_buff.631221* %0, i64 0, i32 33 %35 = load i16, i16* %34, align 4 %36 = zext i16 %35 to i64 %37 = getelementptr i8, i8* %33, i64 %36 %38 = getelementptr inbounds i8, i8* %37, i64 12 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 255 %42 = icmp eq i32 %41, 0 br i1 %42, label %145, label %43 %44 = icmp eq i64 %28, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %29, i64 0, i32 0 %47 = load %struct.net_device.631313*, %struct.net_device.631313** %46, align 8 %48 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 107, i32 0 %49 = load %struct.net.630923*, %struct.net.630923** %48, align 8 %50 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %49, i64 0, i32 33, i32 5 %51 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %50, align 8 %52 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %51, i64 0, i32 1, i64 23 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %59 %60 = phi i1 [ false, %43 ], [ true, %45 ], [ %58, %55 ] %61 = bitcast %struct.flowi4* %3 to i8* %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 0, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %60, label %65, label %68 %69 = phi i32 [ %67, %65 ], [ 0, %59 ] store i32 %69, 
i32* %64, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %71 = getelementptr inbounds i8, i8* %37, i64 1 %72 = load i8, i8* %71, align 1 %73 = and i8 %72, 28 store i8 %73, i8* %70, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %77, align 8 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %79 = load i32, i32* %39, align 4 store i32 %79, i32* %78, align 4 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %80, align 8 %81 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %31, i64 0, i32 33, i32 10 %82 = load i8, i8* %81, align 8, !range !4 %83 = icmp eq i8 %82, 0 br i1 %83, label %86, label %84 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %87 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %2, i64 0, i32 5 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %31, i64 0, i32 33, i32 12 %89 = bitcast %struct.fib_table** %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = icmp eq i64 %90, 0 br i1 %91, label %96, label %92 %93 = inttoptr i64 %90 to %struct.fib_table* %94 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %93, %struct.flowi4* nonnull %3, %struct.fib_result.631327* nonnull %2, i32 1) #69 %95 = icmp eq i32 %94, 0 br i1 %95, label %109, label %96 %97 = phi i32 [ %94, %92 ], [ -101, %86 ] %98 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %31, i64 0, i32 33, i32 13 %99 = bitcast 
%struct.fib_table** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = icmp eq i64 %100, 0 br i1 %101, label %105, label %102 %103 = inttoptr i64 %100 to %struct.fib_table* %104 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %103, %struct.flowi4* nonnull %3, %struct.fib_result.631327* nonnull %2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ip_dev_find 1 ip_route_output_key_hash_rcu 2 ip_route_output_flow 3 ipip6_tunnel_bind_dev 4 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr 
%struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = 
bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %28 = tail call %struct.net_device.631313* @__ip_dev_find(%struct.net.630923* %0, i32 %8, i1 zeroext false) #69 Function:__ip_dev_find %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.fib_result.651567, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 3 %7 = load i32, i32* %6, align 4 %8 = xor i32 %7, %1 %9 = mul i32 %8, 1640531527 %10 = lshr i32 %9, 24 %11 = zext i32 %10 to i64 %12 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @inet_addr_lst, i64 0, i64 %11, i32 0 %13 = bitcast %struct.hlist_node** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_ifaddr.631269* %16 = icmp eq i64 %14, 0 br i1 %16, label %36, label %17 %18 = phi %struct.in_ifaddr.631269* [ %34, %31 ], [ %15, %3 ] %19 = phi i64 [ %33, %31 ], [ %14, %3 ] %20 = getelementptr inbounds %struct.in_ifaddr.631269, %struct.in_ifaddr.631269* %18, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %1 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.in_ifaddr.631269, %struct.in_ifaddr.631269* %18, i64 0, i32 2 %25 = load %struct.in_device.631272*, %struct.in_device.631272** %24, align 8 %26 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %25, i64 0, i32 0 %27 = load %struct.net_device.631313*, %struct.net_device.631313** %26, align 8 %28 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %27, i64 0, i32 107, i32 0 %29 = load %struct.net.630923*, %struct.net.630923** %28, align 8 %30 = icmp eq %struct.net.630923* %29, %0 br i1 %30, label %36, label %31 %32 = inttoptr i64 %19 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = 
inttoptr i64 %33 to %struct.in_ifaddr.631269* %35 = icmp eq i64 %33, 0 br i1 %35, label %39, label %17 %40 = bitcast %struct.flowi4* %4 to i8* %41 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %1, i32* %41, align 4 %42 = bitcast %struct.fib_result.651567* %5 to i8* %43 = tail call %struct.fib_table* @fib_get_table(%struct.net.630923* %0, i32 255) #69 %44 = icmp eq %struct.fib_table* %43, null br i1 %44, label %60, label %45 %46 = call i32 bitcast (i32 (%struct.fib_table*, %struct.flowi4*, %struct.fib_result.631327*, i32)* @fib_table_lookup to i32 (%struct.fib_table*, %struct.flowi4*, %struct.fib_result.651567*, i32)*)(%struct.fib_table* nonnull %43, %struct.flowi4* nonnull %4, %struct.fib_result.651567* nonnull %5, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ip_dev_find 1 ip_route_output_key_hash_rcu 2 ip_route_output_flow 3 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds 
%struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label 
%86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, 
%struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load 
%struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection 
.discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 
%11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %28 = tail call %struct.net_device.631313* @__ip_dev_find(%struct.net.630923* %0, i32 %8, i1 zeroext false) #69 Function:__ip_dev_find %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.fib_result.651567, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %0, i64 0, i32 3 %7 = load i32, i32* %6, align 4 %8 = xor i32 %7, %1 %9 = mul i32 %8, 1640531527 %10 = lshr i32 %9, 24 %11 = zext i32 %10 to i64 %12 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @inet_addr_lst, i64 0, i64 %11, i32 0 %13 = bitcast %struct.hlist_node** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_ifaddr.631269* %16 = 
icmp eq i64 %14, 0 br i1 %16, label %36, label %17 %18 = phi %struct.in_ifaddr.631269* [ %34, %31 ], [ %15, %3 ] %19 = phi i64 [ %33, %31 ], [ %14, %3 ] %20 = getelementptr inbounds %struct.in_ifaddr.631269, %struct.in_ifaddr.631269* %18, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %1 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.in_ifaddr.631269, %struct.in_ifaddr.631269* %18, i64 0, i32 2 %25 = load %struct.in_device.631272*, %struct.in_device.631272** %24, align 8 %26 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %25, i64 0, i32 0 %27 = load %struct.net_device.631313*, %struct.net_device.631313** %26, align 8 %28 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %27, i64 0, i32 107, i32 0 %29 = load %struct.net.630923*, %struct.net.630923** %28, align 8 %30 = icmp eq %struct.net.630923* %29, %0 br i1 %30, label %36, label %31 %32 = inttoptr i64 %19 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.in_ifaddr.631269* %35 = icmp eq i64 %33, 0 br i1 %35, label %39, label %17 %40 = bitcast %struct.flowi4* %4 to i8* %41 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %1, i32* %41, align 4 %42 = bitcast %struct.fib_result.651567* %5 to i8* %43 = tail call %struct.fib_table* @fib_get_table(%struct.net.630923* %0, i32 255) #69 %44 = icmp eq %struct.fib_table* %43, null br i1 %44, label %60, label %45 %46 = call i32 bitcast (i32 (%struct.fib_table*, %struct.flowi4*, %struct.fib_result.631327*, i32)* @fib_table_lookup to i32 (%struct.fib_table*, %struct.flowi4*, %struct.fib_result.651567*, i32)*)(%struct.fib_table* nonnull %43, %struct.flowi4* nonnull %4, %struct.fib_result.651567* nonnull %5, i32 1) #69 ------------- Good: 325 Bad: 15 Ignored: 1187 Check Use of Function:llist_add_batch Use: =BAD PATH= Call Stack: 0 __put_net 1 proc_tgid_net_getattr ------------- Path:  
Function:proc_tgid_net_getattr %5 = getelementptr inbounds %struct.path.152821, %struct.path.152821* %0, i64 0, i32 1 %6 = load %struct.dentry.152819*, %struct.dentry.152819** %5, align 8 %7 = getelementptr inbounds %struct.dentry.152819, %struct.dentry.152819* %6, i64 0, i32 5 %8 = load %struct.inode.152815*, %struct.inode.152815** %7, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = getelementptr %struct.inode.152815, %struct.inode.152815* %8, i64 -1, i32 40, i32 12, i32 1 %10 = bitcast %struct.list_head** %9 to %struct.pid** %11 = load %struct.pid*, %struct.pid** %10, align 8 %12 = tail call %struct.task_struct.152773* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.152773* (%struct.pid*, i32)*)(%struct.pid* %11, i32 0) #69 %13 = icmp eq %struct.task_struct.152773* %12, null br i1 %13, label %27, label %14 %28 = phi %struct.net.152719* [ %24, %23 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void bitcast (void (%struct.inode.39644*, %struct.kstat*)* @generic_fillattr to void (%struct.inode.152815*, %struct.kstat*)*)(%struct.inode.152815* %8, %struct.kstat* %1) #69 %29 = icmp eq %struct.net.152719* %28, null br i1 %29, label %41, label %30 %31 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %28, i64 0, i32 13 %32 = load %struct.proc_dir_entry.152614*, %struct.proc_dir_entry.152614** %31, align 8 %33 = getelementptr inbounds %struct.proc_dir_entry.152614, %struct.proc_dir_entry.152614* %32, i64 0, i32 13 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.kstat, %struct.kstat* %1, i64 0, i32 2 store i32 %34, i32* %35, align 8 %36 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %28, i64 0, i32 1, i32 0, i32 0 %37 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl 
$0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32* %36) #6, !srcloc !9 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* nonnull %28) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.586381, %struct.net.586381* %0, i64 0, i32 7 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.55341) #69 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file.152824, %struct.file.152824* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.152516** %5 = load %struct.seq_file.152516*, %struct.seq_file.152516** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.152516, %struct.seq_file.152516* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.net.152719** %8 = load %struct.net.152719*, %struct.net.152719** %7, align 8 %9 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %8, i64 0, i32 1, i32 0, i32 0 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A 
.long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* %8) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.586381, %struct.net.586381* %0, i64 0, i32 7 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.55341) #69 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file.152824, %struct.file.152824* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.152516** %5 = load %struct.seq_file.152516*, %struct.seq_file.152516** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.152516, %struct.seq_file.152516* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.seq_net_private** %8 = load %struct.seq_net_private*, %struct.seq_net_private** %7, align 8 %9 = getelementptr inbounds %struct.seq_net_private, %struct.seq_net_private* %8, i64 0, i32 0 %10 = load %struct.net.152719*, %struct.net.152719** %9, align 8 %11 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %10, i64 0, i32 1, i32 0, i32 0 %12 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32* %11) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %16, label %15 tail call void bitcast (void (%struct.net.586381*)* @__put_net to void (%struct.net.152719*)*)(%struct.net.152719* %10) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.586381, %struct.net.586381* %0, i64 0, i32 7 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.55341) #69 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common.586408, %struct.ns_common.586408* %0, i64 -5, i32 1 %3 = bitcast %struct.proc_ns_operations.586407** %2 to %struct.net.586381* %4 = getelementptr inbounds %struct.net.586381, %struct.net.586381* %3, i64 0, i32 1, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %15, label %8 %9 = getelementptr inbounds %struct.proc_ns_operations.586407*, %struct.proc_ns_operations.586407** %2, i64 7 %10 = bitcast %struct.proc_ns_operations.586407** %9 to %struct.llist_node* %11 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %10, %struct.llist_node* %10, %struct.llist_node* nonnull @cleanup_list.55341) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_context_getparam_ioctl 
------------- Path:  Function:i915_gem_context_getparam_ioctl %4 = getelementptr inbounds %struct.drm_file.356545, %struct.drm_file.356545* %2, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.drm_i915_file_private** %6 = load %struct.drm_i915_file_private*, %struct.drm_i915_file_private** %5, align 8 %7 = bitcast i8* %1 to i32* %8 = load i32, i32* %7, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_file_private, %struct.drm_i915_file_private* %6, i64 0, i32 3 %10 = zext i32 %8 to i64 %11 = tail call i8* @idr_find(%struct.idr* %9, i64 %10) #69 %12 = icmp eq i8* %11, null br i1 %12, label %31, label %13 %14 = getelementptr inbounds i8, i8* %11, i64 64 %15 = bitcast i8* %14 to i32* %16 = load volatile i32, i32* %15, align 4 %17 = icmp eq i32 %16, 0 br i1 %17, label %31, label %18, !prof !5, !misexpect !6 %19 = phi i32 [ %29, %28 ], [ %16, %13 ] %20 = icmp ult i32 %19, 2147483647 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 %23 = add nuw nsw i32 %19, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %23, i32* %15, i32 %19) #6, !srcloc !9 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %32, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %33 = getelementptr inbounds i8, i8* %1, i64 4 %34 = bitcast i8* %33 to i32* store i32 0, i32* %34, align 4 %35 = getelementptr inbounds i8, i8* %1, i64 8 %36 = bitcast i8* %35 to i64* %37 = load i64, i64* %36, align 8 switch i64 %37, label %84 [ i64 6, label %75 i64 2, label %38 i64 3, label %43 i64 4, label %63 i64 5, label %69 ] %39 = getelementptr inbounds i8, i8* %11, i64 88 %40 = 
bitcast i8* %39 to i64* %41 = load i64, i64* %40, align 8 %42 = and i64 %41, 1 br label %80 %81 = phi i64 [ %50, %48 ], [ %62, %59 ], [ %58, %56 ], [ %79, %75 ], [ %74, %69 ], [ %68, %63 ], [ %42, %38 ] %82 = getelementptr inbounds i8, i8* %1, i64 16 %83 = bitcast i8* %82 to i64* store i64 %81, i64* %83, align 8 br label %84 %85 = phi i32 [ -22, %32 ], [ 0, %80 ] %86 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32* %15) #6, !srcloc !11 %87 = and i8 %86, 1 %88 = icmp eq i8 %87, 0 br i1 %88, label %125, label %89 %90 = bitcast i8* %11 to %struct.i915_gem_context* %91 = bitcast i8* %11 to %struct.drm_i915_private** %92 = load %struct.drm_i915_private*, %struct.drm_i915_private** %91, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_context_free to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@i915_gem_context_getparam_ioctl, %93)) #6 to label %115 [label %93], !srcloc !12 %94 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !13 %95 = zext i32 %94 to i64 
%96 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %95) #6, !srcloc !14 %97 = and i8 %96, 1 %98 = icmp eq i8 %97, 0 br i1 %98, label %115, label %99 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %100 = load volatile i64, i64* bitcast (%struct.tracepoint_func** getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_context_free to %struct.tracepoint*), i64 0, i32 4) to i64*), align 8 %101 = icmp eq i64 %100, 0 br i1 %101, label %114, label %102 %103 = inttoptr i64 %100 to %struct.tracepoint_func* br label %104 %105 = phi %struct.tracepoint_func* [ %110, %104 ], [ %103, %102 ] %106 = bitcast %struct.tracepoint_func* %105 to void (i8*, %struct.i915_gem_context*)** %107 = load void (i8*, %struct.i915_gem_context*)*, void (i8*, %struct.i915_gem_context*)** %106, align 8 %108 = getelementptr inbounds %struct.tracepoint_func, %struct.tracepoint_func* %105, i64 0, i32 1 %109 = load i8*, i8** %108, align 8 tail call void %107(i8* %109, %struct.i915_gem_context* nonnull %90) #69 %110 = getelementptr %struct.tracepoint_func, %struct.tracepoint_func* %105, i64 1 %111 = getelementptr inbounds %struct.tracepoint_func, %struct.tracepoint_func* %110, i64 0, i32 0 %112 = load i8*, i8** %111, align 8 %113 = icmp eq i8* %112, null br i1 %113, label %114, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %115 %116 = getelementptr i8, i8* %11, i64 56 %117 = bitcast i8* %116 to %struct.llist_node* %118 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %92, i64 0, i32 114, i32 1 %119 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %117, %struct.llist_node* %117, %struct.llist_node* %118) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = alloca %struct.wait_opts, align 8 %3 = alloca %struct.rusage, align 8 %4 = alloca %struct.ist_info, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %8 to i32 %18 = inttoptr i64 %11 to %struct.compat_siginfo* %19 = trunc i64 %13 to i32 %20 = inttoptr i64 %16 to %struct.compat_rusage* %21 = bitcast %struct.rusage* %3 to i8* %22 = bitcast %struct.ist_info* %4 to i8* %23 = icmp eq i64 %16, 0 %24 = select i1 %23, %struct.rusage* null, %struct.rusage* %3 %25 = bitcast %struct.wait_opts* %2 to i8* %26 = and i32 %19, 520093680 %27 = icmp ne i32 %26, 0 %28 = and i32 %19, 14 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %40, label %31 %32 = trunc i64 %6 to i32 switch i32 %32, label %40 [ i32 0, label %41 i32 1, label %33 i32 2, label %35 ] %36 = icmp slt i32 %17, 1 br i1 %36, label %40, label %37 %38 = phi i32 [ 0, %33 ], [ 2, %35 ] %39 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %17) #69 br label %41 %42 = phi i32 [ %38, %37 ], [ 4, %31 ] 
%43 = phi %struct.pid.40929* [ %39, %37 ], [ null, %31 ] %44 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 0 store i32 %42, i32* %44, align 8 %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 2 store %struct.pid.40929* %43, %struct.pid.40929** %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 1 store i32 %19, i32* %46, align 4 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 3 store %struct.ist_info* %4, %struct.ist_info** %47, align 8 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 5 store %struct.rusage* %24, %struct.rusage** %48, align 8 %49 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %2) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* 
@child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq 
${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = 
icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 
%63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, 
i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 
%156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 
store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection 
.discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds 
%struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, 
%struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store 
%struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 
2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = 
load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] 
%111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 
%174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr 
i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69
-------------
Use: =BAD PATH=
Call Stack:
0 ttwu_queue_remote
1 try_to_wake_up
2 wake_up_state
3 prepare_signal
4 __send_signal
5 do_notify_parent
6 wait_consider_task
7 do_wait
8 kernel_wait4
9 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or
i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 
%58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label 
%15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 
%100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) 
#6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load 
i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 
= add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, 
i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add 
i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr 
inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, 
i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, 
%struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, 
%struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = 
zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = 
ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 
0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile 
i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 
bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint 
(%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = 
sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 
try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 kernel_wait4 9 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 
Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void 
@add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to 
%struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load 
%struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* 
%2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** 
@current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, 
i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, 
%263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 
0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* 
%52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 
8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call 
fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, 
align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds 
%struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* 
%204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call 
i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, 
align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 
switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 
%158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint 
(i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 kernel_wait4 9 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 
= tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to 
%struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult 
i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, 
label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, 
i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load 
%struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 
%179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, 
i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 
= add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = 
load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, 
%struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, 
!prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds 
%struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq 
i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 
0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or 
i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = 
bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 
%224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, 
i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 
false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label 
%176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 kernel_wait4 9 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 
-1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 
= getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to 
i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 
8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call 
void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 
0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 
%250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, 
i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr 
inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call 
%struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr 
inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load 
%struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 
%166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 
store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = 
getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp 
eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* 
@__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 
%15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 kernel_wait4 9 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, 
%struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 
%58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label 
%15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 
%100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) 
#6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load 
i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 
= add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, 
i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 
= getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add 
i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr 
inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, 
i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, 
%struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, 
%struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = 
zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = 
ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 
0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile 
i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 
bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint 
(%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = 
sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 
try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 __se_sys_waitid 9 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi 
%struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* 
@child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq 
${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = 
icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 
%63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, 
i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 
%156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 
store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection 
.discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds 
%struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, 
%struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store 
%struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 
2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = 
load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] 
%111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 
%174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr 
i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 do_notify_parent 6 wait_consider_task 7 do_wait 8 __se_sys_waitid 9 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* 
@find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store 
volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load 
volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** 
%60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq 
i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 
%281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, 
i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 
1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* 
(%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, 
align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, 
i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = 
getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, 
%struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store 
%struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 
2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = 
load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] 
%111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 
%174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr 
i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 prepare_signal 4 __send_signal 5 force_sig_info 6 force_sig 7 signal_fault 8 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 
0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %22 = bitcast %struct.cpumask* %20 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 8, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 store i64 %24, i64* %21, align 8 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %25 = extractvalue { i32, i64 } %23, 0 %26 = icmp eq i32 
%25, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 %31 = extractvalue { i32, i64 } %30, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !13, !misexpect !14 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 46, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 32 %37 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - 
.\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !16 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !17 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !18 %51 = 
getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !19 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !20 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !21 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect 
"1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !22 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !23 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !24 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, 
!srcloc !25 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !26 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !27 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !28 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, 
i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !29 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !30 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !31 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection 
\22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !32 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !33 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !34 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - 
.\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !35 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !36 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.10885* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !38 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1141, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void bitcast (void (i32, %struct.task_struct.39605*)* @force_sig to void (i32, %struct.task_struct.10885*)*)(i32 11, %struct.task_struct.10885* %4) #69 Function:force_sig %3 = tail call i32 @force_sig_info(i32 %0, %struct.siginfo* nonnull inttoptr (i64 1 to %struct.siginfo*), %struct.task_struct.39605* %1) #69 Function:force_sig_info %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %5 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %6 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %5, i64 0, i32 2, i32 0, i32 0 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %6) #69 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %9 = add i32 %0, -1 %10 = sext i32 %9 to i64 %11 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 1, 
i64 %10, i32 0, i32 0 %12 = load void (i32)*, void (i32)** %11, align 8 %13 = icmp eq void (i32)* %12, inttoptr (i64 1 to void (i32)*) %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 88, i32 0, i64 0 %15 = load i64, i64* %14, align 8 %16 = zext i32 %9 to i64 %17 = shl nuw i64 1, %16 %18 = and i64 %15, %17 %19 = icmp ne i64 %18, 0 %20 = or i1 %13, %19 br i1 %20, label %21, label %48 store void (i32)* null, void (i32)** %11, align 8 br i1 %19, label %22, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 5 %53 = load i32, i32* %52, align 8 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %61 %62 = icmp eq %struct.siginfo* %1, null br i1 %62, label %69, label %63 %64 = icmp ugt %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) br i1 %64, label %65, label %75 %76 = phi i32 [ 0, %65 ], [ %74, %69 ], [ 0, %63 ] %77 = tail call fastcc i32 @__send_signal(i32 %0, %struct.siginfo* %1, %struct.task_struct.39605* %2, i32 0, i32 %76) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, 
%struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = 
getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, 
%struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = 
and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 
= phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, 
!srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, 
ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %3, align 64 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* 
%10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code 
c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp 
eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %3, align 64 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to 
i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 
Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 
%118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %173 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %174 = and i8 %173, 1 %175 = icmp eq i8 %174, 0 br i1 %175, label %180, label %183, !prof !14, !misexpect !15 %184 = phi i32 [ %182, %180 ], [ %158, %176 ], [ %158, %172 ] %185 = load volatile i32, i32* %35, align 4 %186 = icmp eq i32 %185, %184 br i1 %186, label %189, label %187 %190 = phi i32 [ %188, %187 ], [ %2, %183 ] %191 = sext i32 %184 to i64 %192 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %191 %193 = load i64, i64* %192, align 8 %194 = add i64 %193, 
ptrtoint (%struct.rq* @runqueues to i64) %195 = inttoptr i64 %194 to %struct.rq* %196 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !22 %197 = icmp eq i32 %196, %184 br i1 %197, label %212, label %198 %199 = sext i32 %196 to i64 %200 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %199 %201 = load i64, i64* %200, align 8 %202 = add i64 %201, ptrtoint (i32* @sd_llc_id to i64) %203 = inttoptr i64 %202 to i32* %204 = load i32, i32* %203, align 4 %205 = load i64, i64* %192, align 8 %206 = add i64 %205, ptrtoint (i32* @sd_llc_id to i64) %207 = inttoptr i64 %206 to i32* %208 = load i32, i32* %207, align 4 %209 = icmp eq i32 %204, %208 br i1 %209, label %212, label %210 %211 = tail call i64 @sched_clock_cpu(i32 %184) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.50485* %0, i32 %184, i32 %190) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 58 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to 
i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %45 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %45, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #69 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %45 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #69 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.msr_regs_info, align 8 %4 = bitcast %struct.msr_regs_info* %3 to i8* %5 = getelementptr inbounds %struct.msr_regs_info, %struct.msr_regs_info* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.msr_regs_info, %struct.msr_regs_info* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 
%10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %45 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %45, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #69 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %45 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #69 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.msr_regs_info, align 8 %4 = bitcast %struct.msr_regs_info* %3 to i8* %5 = getelementptr inbounds %struct.msr_regs_info, %struct.msr_regs_info* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.msr_regs_info, %struct.msr_regs_info* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, 
label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 init_debug_store_on_cpu 4 intel_pmu_cpu_starting ------------- Path:  Function:intel_pmu_cpu_starting %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, 
i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events.5372* %7 = add i64 %4, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %8 = inttoptr i64 %7 to %struct.cpuinfo_x86* %9 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %8, i64 0, i32 27 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i32 tail call void @init_debug_store_on_cpu(i32 %0) #69 Function:init_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %16, label %10 %11 = ptrtoint %struct.debug_store* %8 to i64 %12 = trunc i64 %11 to i32 %13 = lshr i64 %11, 32 %14 = trunc i64 %13 to i32 %15 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 %12, i32 %14) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, 
ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 init_debug_store_on_cpu 4 intel_pmu_cpu_starting ------------- Path:  Function:intel_pmu_cpu_starting %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events.5372* %7 = add i64 %4, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %8 = inttoptr i64 %7 to %struct.cpuinfo_x86* %9 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %8, i64 0, i32 27 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i32 tail call void @init_debug_store_on_cpu(i32 %0) #69 Function:init_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %16, label %10 %11 = ptrtoint %struct.debug_store* %8 to i64 %12 = trunc i64 %11 to i32 %13 = lshr i64 %11, 32 %14 = trunc i64 %13 to i32 %15 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 %12, i32 %14) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, 
i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label 
%34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 fini_debug_store_on_cpu 4 intel_pmu_cpu_dying ------------- Path:  Function:intel_pmu_cpu_dying tail call void @fini_debug_store_on_cpu(i32 %0) #69 Function:fini_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %12, label %10 %11 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 0, i32 0) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* 
%8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 
1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 fini_debug_store_on_cpu 4 intel_pmu_cpu_dying ------------- Path:  Function:intel_pmu_cpu_dying tail call void @fini_debug_store_on_cpu(i32 %0) #69 Function:fini_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %12, label %10 %11 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 0, i32 0) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, 
%struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds 
%struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_safe_on_cpu 3 msr_write.24255 ------------- Path:  Function:msr_write.24255 %5 = alloca [2 x i32], align 4 %6 = bitcast i8* %1 to i32* %7 = bitcast [2 x i32]* %5 to i8* %8 = load i64, i64* %3, align 8 %9 = trunc i64 %8 to i32 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.inode, %struct.inode* %11, i64 0, i32 13 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1048575 %15 = and i64 %2, 7 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %19 = icmp eq i64 %2, 0 br i1 %19, label %44, label %20 %21 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 br label %22 %23 = phi i64 [ 0, %20 ], [ %36, %34 ] %24 = phi i64 [ %2, %20 ], [ %37, %34 ] %25 = phi i32* [ %6, %20 ], [ %35, %34 ] %26 = bitcast i32* %25 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %7, i8* %26, i64 8) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %39 %30 = load i32, i32* %18, align 4 %31 = load i32, i32* %21, align 4 %32 = call i32 @wrmsr_safe_on_cpu(i32 %14, i32 %9, i32 %30, i32 %31) #69 Function:wrmsr_safe_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = 
getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_safe_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 arch_freq_prepare_all 3 cpuinfo_open ------------- Path:  Function:cpuinfo_open tail call void @arch_freq_prepare_all() #69 Function:arch_freq_prepare_all %1 = tail call i64 @ktime_get() #69 %2 = load i32, i32* @cpu_khz, align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %34, label %4 callbr void asm sideeffect "1: jmp 6f\0A2:\0A.skip -(((5f-4f) - (2b-1b)) > 0) * ((5f-4f) - (2b-1b)),0x90\0A3:\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 4f - .\0A .word ${1:P}\0A .byte 3b - 1b\0A .byte 5f - 4f\0A .byte 3b - 2b\0A.previous\0A.section .altinstr_replacement,\22ax\22\0A4: jmp ${5:l}\0A5:\0A.previous\0A.section .altinstructions,\22a\22\0A .long 1b - .\0A .long 0\0A .word ${0:P}\0A .byte 3b - 1b\0A .byte 0\0A .byte 0\0A.previous\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $2,$3\0A jnz ${4:l}\0A jmp ${5:l}\0A.previous\0A", "i,i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 124, i32 117, i32 16, i8* getelementptr (i8, i8* bitcast 
(i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 0) to i8*), i64 15), i8* blockaddress(@arch_freq_prepare_all, %6), i8* blockaddress(@arch_freq_prepare_all, %34)) #6 to label %5 [label %6, label %34], !srcloc !4 %7 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #69 %8 = load i32, i32* @nr_cpu_ids, align 4 %9 = icmp ult i32 %7, %8 br i1 %9, label %10, label %34 %11 = phi i32 [ %27, %25 ], [ %7, %6 ] %12 = phi i8 [ %26, %25 ], [ 0, %6 ] %13 = sext i32 %11 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (i64* getelementptr inbounds (%struct.aperfmperf_sample, %struct.aperfmperf_sample* @samples, i64 0, i32 1) to i64) %17 = inttoptr i64 %16 to i64* %18 = load i64, i64* %17, align 8 %19 = sub i64 %1, %18 %20 = icmp slt i64 %19, 10000000 br i1 %20, label %24, label %21 %22 = tail call i32 @smp_call_function_single(i32 %11, void (i8*)* nonnull @aperfmperf_snapshot_khz, i8* null, i32 0) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, 
i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 __se_sys_settimeofday 8 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.48* %3 to i8* %7 = bitcast %struct.anon.48* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.48* null, %struct.anon.48* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, 
label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.48* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, 
i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds 
(%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void 
@set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* 
@__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 
__se_sys_settimeofday 8 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.48* %3 to i8* %7 = bitcast %struct.anon.48* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.48* null, %struct.anon.48* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 
0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.48* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = 
icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, 
i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = 
getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void 
@smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, 
%struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.util_est, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = bitcast %struct.anon.48* %2 to i8* %12 = bitcast %struct.anon.48* %3 to i8* %13 = bitcast %struct.util_est* %4 to i8* %14 = icmp eq i64 %7, 0 br i1 %14, label %27, label %15 %16 = inttoptr i64 %7 to i8* %17 = call i32 @compat_get_timeval(%struct.anon.48* nonnull %3, i8* nonnull %16) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %68 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = mul i64 %24, 1000 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 %25, i64* %26, align 8 br label %27 %28 = icmp eq i64 %10, 0 br i1 %28, label %33, label %29 %30 = inttoptr i64 %10 to i8* %31 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %30, i64 8) #69 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %68 %34 = phi %struct.util_est* [ null, %27 ], [ %4, %29 ] %35 = select i1 %14, %struct.anon.48* null, %struct.anon.48* %2 br i1 %14, label %46, label %36 %37 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %2, i64 0, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp slt i64 %38, 0 br i1 %39, label %65, label %40 %41 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp ult i64 %42, 1000000000 %44 = icmp ult i64 %38, 8277292036 %45 = and i1 %44, %43 br i1 %45, label %46, label %65 %47 = call i32 @security_settime64(%struct.anon.48* %35, %struct.util_est* %34) #69 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %65 %50 = icmp eq %struct.util_est* %34, null br i1 %50, label %62, label %51 %52 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 0 %53 = load i32, i32* %52, align 4 %54 = add i32 %53, 900 %55 = icmp ugt i32 %54, 1800 br i1 %55, label %65, label %56 %57 = bitcast %struct.util_est* %34 to i64* %58 = load i64, i64* %57, align 4 store i64 %58, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %59 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %59, label %62, label %60 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %61, label %63 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr 
inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load 
i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, 
%struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = 
tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to 
%struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.anon.48* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* 
getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast 
%struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds 
(%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 
__ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.anon.48* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds 
(%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to 
i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = 
getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* 
@__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, 
%struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __ia32_compat_sys_stime ------------- Path:  Function:__ia32_compat_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = 
bitcast %struct.anon.48* %2 to i8* %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = shl i64 %11, 32 %15 = ashr exact i64 %14, 32 %16 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %13, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %27, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %20, align 8 %21 = call i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* 
getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds 
(%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, 
i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull 
@__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc 
!4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu_cond 4 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #69 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %18, label %13 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 store i32 %11, i32* %19, align 4 %20 = bitcast %struct.kmem_cache* %0 to i8* call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* 
nonnull @flush_cpu_slab, i8* %20, i1 zeroext true, i32 4718624) #69 Function:on_each_cpu_cond %6 = alloca i64, align 8 %7 = alloca [1 x %struct.cpumask], align 8 %8 = bitcast [1 x %struct.cpumask]* %7 to i8* %9 = and i32 %4, 2097152 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %15 = call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #69 %16 = load i32, i32* @nr_cpu_ids, align 4 %17 = icmp ult i32 %15, %16 br i1 %17, label %18, label %27 %19 = phi i32 [ %24, %23 ], [ %15, %13 ] %20 = call zeroext i1 %0(i32 %19, i8* %2) #69 br i1 %20, label %21, label %23 %22 = zext i32 %19 to i64 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %14, i64 %22) #6, !srcloc !4 br label %23 %24 = call i32 @cpumask_next(i32 %19, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = load i32, i32* @nr_cpu_ids, align 4 %26 = icmp ult i32 %24, %25 br i1 %26, label %18, label %27 %28 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %29 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 call void @smp_call_function_many(%struct.cpumask* nonnull %28, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq 
i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu_cond 4 validate_store ------------- Path:  Function:validate_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %106 %7 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, 
i32 8, i32 0 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 65535 %10 = add nuw nsw i32 %9, 63 %11 = lshr i32 %10, 6 %12 = zext i32 %11 to i64 %13 = tail call fastcc i8* @kmalloc_array.13590(i64 %12, i32 6291648) #69 %14 = bitcast i8* %13 to i64* %15 = icmp eq i8* %13, null br i1 %15, label %99, label %16 %17 = bitcast %struct.kmem_cache* %0 to i8* tail call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* nonnull @flush_cpu_slab, i8* %17, i1 zeroext true, i32 4718624) #69 Function:on_each_cpu_cond %6 = alloca i64, align 8 %7 = alloca [1 x %struct.cpumask], align 8 %8 = bitcast [1 x %struct.cpumask]* %7 to i8* %9 = and i32 %4, 2097152 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %15 = call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #69 %16 = load i32, i32* @nr_cpu_ids, align 4 %17 = icmp ult i32 %15, %16 br i1 %17, label %18, label %27 %19 = phi i32 [ %24, %23 ], [ %15, %13 ] %20 = call zeroext i1 %0(i32 %19, i8* %2) #69 br i1 %20, label %21, label %23 %22 = zext i32 %19 to i64 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %14, i64 %22) #6, !srcloc !4 br label %23 %24 = call i32 @cpumask_next(i32 %19, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = load i32, i32* @nr_cpu_ids, align 4 %26 = icmp ult i32 %24, %25 br i1 %26, label %18, label %27 %28 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %29 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 
call void @smp_call_function_many(%struct.cpumask* nonnull %28, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %42 = zext i1 %3 to i32 %43 = call i32 @smp_call_function_single(i32 %29, void (i8*)* %1, i8* %2, i32 %42) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #6, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = icmp eq i32 %3, 0 br i1 %23, label %24, label %39 %40 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, 
%struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 rdmsr_safe_on_cpu 3 msr_read.24253 ------------- Path:  Function:msr_read.24253 %5 = alloca [2 x i32], align 4 %6 = bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %44 %17 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %18 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 %19 = icmp eq i64 %2, 0 br i1 %19, label %42, label %20 %21 = bitcast i8* %1 to i32* br label %22 %23 = phi i64 [ %34, %32 ], [ 0, %20 ] %24 = phi i64 [ %35, %32 ], [ %2, %20 ] %25 = phi i32* [ %33, %32 ], [ %21, %20 ] %26 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %17, i32* %18) #69 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = bitcast %struct.__call_single_data* %6 to i64* store i64 0, i64* %9, align 32 %10 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %10, align 8 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 16 %13 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 3 store i32 0, i32* %13, align 8 %14 = 
getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 %15 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_waitqueue_head(%struct.wait_queue_head* %14, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.24218, i64 0, i64 0), %struct.lock_class_key* nonnull @__init_completion.__key.24219) #69 %16 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 0, i32 0 store i32 %1, i32* %16, align 8 %17 = call i32 @smp_call_function_single_async(i32 %0, %struct.__call_single_data* nonnull %6) #69 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %16, label %7, !prof !5, !misexpect !6 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %17 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 %18 = load void (i8*)*, void (i8*)** %17, align 8 %19 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 %20 = load i8*, i8** %19, align 8 %21 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1, void (i8*)* %18, i8* %20) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %58 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 
0, i32 1, i32 1 call void @__init_waitqueue_head(%struct.wait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3064, i64 0, i64 0), %struct.lock_class_key* nonnull @__init_completion.__key) #69 %20 = icmp eq i64 %2, 0 br i1 %20, label %56, label %21 %22 = bitcast %struct.__call_single_data* %6 to i8* %23 = bitcast %struct.__call_single_data* %6 to i64* %24 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %25 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.cpuid_regs_done** %27 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 3 %28 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 0, i32 0 %29 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 0, i32 2 br label %30 %31 = phi i64 [ 0, %21 ], [ %47, %45 ] %32 = phi i64 [ %16, %21 ], [ %48, %45 ] %33 = phi i8* [ %1, %21 ], [ %46, %45 ] %34 = phi i64 [ %2, %21 ], [ %49, %45 ] store i64 0, i64* %23, align 32 store void (i8*)* @cpuid_smp_cpuid, void (i8*)** %24, align 8 store %struct.cpuid_regs_done* %5, %struct.cpuid_regs_done** %26, align 16 store i32 0, i32* %27, align 8 %35 = trunc i64 %32 to i32 store i32 %35, i32* %28, align 8 %36 = lshr i64 %32, 32 %37 = trunc i64 %36 to i32 store i32 %37, i32* %29, align 8 %38 = call i32 @smp_call_function_single_async(i32 %12, %struct.__call_single_data* nonnull %6) #69 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %16, label %7, !prof !5, !misexpect !6 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %17 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 %18 = load void (i8*)*, void (i8*)** %17, align 8 %19 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 %20 = load i8*, i8** %19, align 8 %21 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1, void (i8*)* %18, i8* %20) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %18 %19 = load i32, i32* @nr_cpu_ids, align 4 %20 = icmp ugt i32 %19, %0 br i1 %20, label %21, label %26 %22 = zext i32 %0 to i64 %23 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %22) #6, !srcloc !13 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %34 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %35, align 8 %36 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %36, align 8 %37 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %38 = sext i32 %0 to i64 %39 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %38 %40 = load i64, i64* %39, align 8 %41 = add i64 %40, ptrtoint (%struct.llist_node* @call_single_queue to i64) %42 = inttoptr i64 %41 to %struct.llist_node* %43 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %37, %struct.llist_node* %37, %struct.llist_node* %42) #70 ------------- Use: =BAD PATH= Call Stack: 0 
smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __se_sys_settimeofday 6 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.48* %3 to i8* %7 = bitcast %struct.anon.48* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.48* null, %struct.anon.48* %3 br 
i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.48* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca 
%struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 
0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, 
label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 
1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 
%81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __se_sys_settimeofday 6 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.48* %3 to i8* %7 = bitcast %struct.anon.48* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, 
i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.48* null, %struct.anon.48* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.48* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br 
i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call 
i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load 
i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void 
@timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi 
i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to 
i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __ia32_compat_sys_settimeofday 
------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.util_est, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = bitcast %struct.anon.48* %2 to i8* %12 = bitcast %struct.anon.48* %3 to i8* %13 = bitcast %struct.util_est* %4 to i8* %14 = icmp eq i64 %7, 0 br i1 %14, label %27, label %15 %16 = inttoptr i64 %7 to i8* %17 = call i32 @compat_get_timeval(%struct.anon.48* nonnull %3, i8* nonnull %16) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %68 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = mul i64 %24, 1000 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 %25, i64* %26, align 8 br label %27 %28 = icmp eq i64 %10, 0 br i1 %28, label %33, label %29 %30 = inttoptr i64 %10 to i8* %31 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %30, i64 8) #69 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %68 %34 = phi %struct.util_est* [ null, %27 ], [ %4, %29 ] %35 = select i1 %14, %struct.anon.48* null, %struct.anon.48* %2 br i1 %14, label %46, label %36 %37 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp slt i64 %38, 0 br i1 %39, label %65, label %40 %41 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp ult i64 %42, 1000000000 %44 = icmp 
ult i64 %38, 8277292036 %45 = and i1 %44, %43 br i1 %45, label %46, label %65 %47 = call i32 @security_settime64(%struct.anon.48* %35, %struct.util_est* %34) #69 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %65 %50 = icmp eq %struct.util_est* %34, null br i1 %50, label %62, label %51 %52 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 0 %53 = load i32, i32* %52, align 4 %54 = add i32 %53, 900 %55 = icmp ugt i32 %54, 1800 br i1 %55, label %65, label %56 %57 = bitcast %struct.util_est* %34 to i64* %58 = load i64, i64* %57, align 4 store i64 %58, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %59 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %59, label %62, label %60 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %61, label %63 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.48, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.48* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.48* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr 
inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource* %13 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 
%30 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.48* %3 to i8* %70 = add i64 %67, %64 
%71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = 
and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void 
(i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.anon.48* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, 
i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* 
getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = 
zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = 
getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, 
align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.anon.48* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call 
i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 (%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 
%25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, 
i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 
%38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label 
%75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __ia32_compat_sys_stime ------------- Path:  Function:__ia32_compat_sys_stime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.anon.48* %2 to i8* %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { 
i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = shl i64 %11, 32 %15 = ashr exact i64 %14, 32 %16 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %13, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %27, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 store i64 0, i64* %20, align 8 %21 = call i32 @security_settime64(%struct.anon.48* nonnull %2, %struct.util_est* null) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = call i32 @do_settimeofday64(%struct.anon.48* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %110 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource* %19 = getelementptr inbounds %struct.clocksource, %struct.clocksource* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource*)*, i64 
(%struct.clocksource*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 
%35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.48* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.48* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.62.73722, 
%struct.anon.62.73722* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %108 = load i32, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 %109 = add i32 %108, 1 store i32 %109, i32* getelementptr inbounds (%struct.anon.62.73722, %struct.anon.62.73722* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set %1 = tail call i32 @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp 
ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* 
%62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu_cond 2 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #69 %7 = 
icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %18, label %13 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 store i32 %11, i32* %19, align 4 %20 = bitcast %struct.kmem_cache* %0 to i8* call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* nonnull @flush_cpu_slab, i8* %20, i1 zeroext true, i32 4718624) #69 Function:on_each_cpu_cond %6 = alloca i64, align 8 %7 = alloca [1 x %struct.cpumask], align 8 %8 = bitcast [1 x %struct.cpumask]* %7 to i8* %9 = and i32 %4, 2097152 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %15 = call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #69 %16 = load i32, i32* @nr_cpu_ids, align 4 %17 = icmp ult i32 %15, %16 br i1 %17, label %18, label %27 %19 = phi i32 [ %24, %23 ], [ %15, %13 ] %20 = call zeroext i1 %0(i32 %19, i8* %2) #69 br i1 %20, label %21, label %23 %22 = zext i32 %19 to i64 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %14, i64 %22) #6, !srcloc !4 br label %23 %24 = call i32 @cpumask_next(i32 %19, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = load i32, i32* @nr_cpu_ids, align 4 %26 = icmp ult i32 %24, %25 br i1 %26, label %18, label %27 %28 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %29 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 call void @smp_call_function_many(%struct.cpumask* 
nonnull %28, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 
= load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 %45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 
%83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu_cond 2 validate_store ------------- Path:  Function:validate_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %106 %7 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 65535 %10 = add nuw nsw i32 %9, 63 %11 = lshr i32 %10, 6 %12 = zext i32 %11 to i64 %13 = tail call fastcc i8* @kmalloc_array.13590(i64 %12, i32 6291648) #69 %14 = bitcast i8* %13 to i64* %15 = icmp eq i8* %13, null br i1 %15, label %99, label %16 %17 = bitcast %struct.kmem_cache* %0 to i8* tail call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* nonnull @flush_cpu_slab, i8* %17, i1 zeroext true, i32 4718624) #69 Function:on_each_cpu_cond %6 = alloca i64, align 8 %7 = alloca [1 x %struct.cpumask], align 8 %8 = bitcast [1 x %struct.cpumask]* %7 to i8* %9 = and i32 %4, 2097152 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %15 = call i32 
@cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #69 %16 = load i32, i32* @nr_cpu_ids, align 4 %17 = icmp ult i32 %15, %16 br i1 %17, label %18, label %27 %19 = phi i32 [ %24, %23 ], [ %15, %13 ] %20 = call zeroext i1 %0(i32 %19, i8* %2) #69 br i1 %20, label %21, label %23 %22 = zext i32 %19 to i64 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %14, i64 %22) #6, !srcloc !4 br label %23 %24 = call i32 @cpumask_next(i32 %19, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = load i32, i32* @nr_cpu_ids, align 4 %26 = icmp ult i32 %24, %25 br i1 %26, label %18, label %27 %28 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %7, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %29 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !6 call void @smp_call_function_many(%struct.cpumask* nonnull %28, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %25 = icmp eq i32 %24, %6 br i1 %25, label %26, label %28 %27 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %28 %29 = 
phi i32 [ %27, %26 ], [ %24, %23 ] %30 = load i32, i32* @nr_cpu_ids, align 4 %31 = icmp ult i32 %29, %30 br i1 %31, label %32, label %127 %33 = call i32 @cpumask_next_and(i32 %29, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %34 = icmp eq i32 %33, %6 br i1 %34, label %35, label %37 %36 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %37 %38 = phi i32 [ %36, %35 ], [ %33, %32 ] %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ult i32 %38, %39 br i1 %40, label %44, label %41 %45 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !10 %46 = inttoptr i64 %45 to %struct.call_function_data* %47 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 1, i64 0 %48 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %47, i64 0, i32 0, i64 0 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %50 = load i64, i64* %49, align 8 %51 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %52 = and i64 %51, %50 store i64 %52, i64* %48, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %7) #6, !srcloc !11 %53 = call fastcc i32 @cpumask_weight.8480(%struct.cpumask* %47) #70 %54 = icmp eq i32 %53, 0 br i1 %54, label %127, label %55, !prof !12, !misexpect !13 %56 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %46, i64 0, i32 2, i64 0 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %56, i64 0, i32 0, i64 0 store i64 0, i64* %57, align 8 %58 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %47) #69 %59 = load i32, i32* @nr_cpu_ids, align 4 %60 = icmp ult i32 %58, %59 br i1 %60, label %61, label %99 %62 = inttoptr i64 
%45 to i64* br label %63 %64 = phi i32 [ %58, %61 ], [ %96, %95 ] %65 = load i64, i64* %62, align 8 %66 = sext i32 %64 to i64 %67 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %66 %68 = load i64, i64* %67, align 8 %69 = add i64 %68, %65 %70 = inttoptr i64 %69 to %struct.__call_single_data* %71 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 3 %72 = load volatile i32, i32* %71, align 4 %73 = and i32 %72, 1 %74 = icmp eq i32 %73, 0 br i1 %74, label %79, label %75 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %76 = load volatile i32, i32* %71, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %75 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %80 = load i32, i32* %71, align 8 %81 = or i32 %80, 1 store i32 %81, i32* %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br i1 %3, label %82, label %85 %83 = load i32, i32* %71, align 8 %84 = or i32 %83, 2 store i32 %84, i32* %71, align 8 br label %85 %86 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %86, align 8 %87 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 2 store i8* %2, i8** %87, align 16 %88 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %70, i64 0, i32 0 %89 = load i64, i64* %67, align 8 %90 = add i64 %89, ptrtoint (%struct.llist_node* @call_single_queue to i64) %91 = inttoptr i64 %90 to %struct.llist_node* %92 = call zeroext i1 @llist_add_batch(%struct.llist_node* %88, %struct.llist_node* %88, %struct.llist_node* %91) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 p4_pmu_handle_irq ------------- 
Path:  Function:p4_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events.3614* %6 = load i32, i32* getelementptr inbounds (%struct.x86_pmu.3618, %struct.x86_pmu.3618* bitcast (%struct.x86_pmu* @x86_pmu to %struct.x86_pmu.3618*), i64 0, i32 18), align 4 %7 = icmp sgt i32 %6, 0 br i1 %7, label %8, label %102 %9 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 1, i64 0 %10 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %11 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %12 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 %14 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 2, i64 0 br label %15 %16 = phi i64 [ 0, %8 ], [ %95, %93 ] %17 = phi i32 [ 0, %8 ], [ %94, %93 ] %18 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %16) #6, !srcloc !5 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %26 %27 = getelementptr %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 0, i64 %16 %28 = load %struct.perf_event.3604*, %struct.perf_event.3604** %27, align 8 %29 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 0, i32 0, i32 5 %30 = load i32, i32* %29, align 4 %31 = zext i32 %30 to i64 %32 = icmp eq i64 %16, %31 br i1 
%32, label %34, label %33, !prof !7, !misexpect !8 %35 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 0, i32 0, i32 2 %36 = load i64, i64* %35, align 8 %37 = trunc i64 %36 to i32 %38 = call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 %37) #6, !srcloc !11 %39 = extractvalue { i64, i64 } %38, 0 %40 = extractvalue { i64, i64 } %38, 1 %41 = shl i64 %40, 32 %42 = or i64 %41, %39 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %43)) #6 to label %44 [label %43], !srcloc !12 call void @do_trace_read_msr(i32 %37, i64 %42, i32 0) #69 br label %44 %45 = trunc i64 %39 to i32 %46 = icmp sgt i32 %45, -1 br i1 %46, label %56, label %47 %48 = load i64, i64* %35, align 8 %49 = trunc i64 %48 to i32 %50 = and i64 %42, -2147483649 %51 = trunc i64 %50 to i32 %52 = lshr i64 %42, 32 %53 = trunc i64 %52 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 %49, i32 %51, i32 %53) #6, !srcloc !13 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %54)) #6 to label %71 [label %54], !srcloc !12 call void @do_trace_write_msr(i32 %49, i64 %50, i32 0) #69 %55 = call i64 bitcast (i64 (%struct.perf_event*)* @x86_perf_event_update to i64 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %28) #69 br label %82 %83 = phi i32 [ 1, %54 ], [ 0, %75 ], [ %72, %71 ] %84 = add i32 %83, %17 %85 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 7 %86 = load i64, i64* %85, align 8 store i64 %86, i64* %10, align 8 store i64 0, i64* %11, align 32 store i64 84410401, i64* %12, align 16 store i64 0, i64* %13, align 8 %87 = call i32 bitcast (i32 (%struct.perf_event*)* @x86_perf_event_set_period to i32 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %28) #69 %88 = icmp eq i32 %87, 0 br i1 %88, label %93, label %89 %90 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.3604*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.3604* %28, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = 
tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds 
%struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, 
%struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, 
i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load 
i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 knc_pmu_handle_irq ------------- Path:  Function:knc_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = alloca i64, align 8 %4 = bitcast %struct.perf_sample_data* %2 to i8* %5 = bitcast i64* %3 to i8* %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %7 = inttoptr i64 %6 to %struct.cpu_hw_events.3614* %8 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 47) #6, !srcloc !5 %9 = extractvalue { i64, i64 } %8, 0 %10 = extractvalue { i64, i64 } %8, 1 %11 = shl i64 %10, 32 %12 = or i64 %11, %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, 
%struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %13)) #6 to label %14 [label %13], !srcloc !6 tail call void @do_trace_read_msr(i32 47, i64 %12, i32 0) #69 br label %14 %15 = and i64 %12, -4 %16 = trunc i64 %15 to i32 %17 = lshr i64 %12, 32 %18 = trunc i64 %17 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 47, i32 %16, i32 %18) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %19)) #6 to label %20 [label %19], !srcloc !6 %21 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 45) #6, !srcloc !5 %22 = extractvalue { i64, i64 } %21, 0 %23 = extractvalue { i64, i64 } %21, 1 %24 = shl i64 %23, 32 %25 = or i64 %24, %22 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, 
void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %26)) #6 to label %27 [label %26], !srcloc !6 store i64 %25, i64* %3, align 8 %28 = icmp eq i64 %25, 0 br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %7, i64 0, i32 1, i64 0 %31 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %32 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %33 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %34 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %48 %49 = phi i64 [ %99, %101 ], [ %25, %29 ] %50 = phi i32 [ %57, %101 ], [ 0, %29 ] %51 = phi i32 [ %94, %101 ], [ 0, %29 ] %52 = trunc i64 %49 to i32 %53 = lshr i64 %49, 32 %54 = trunc i64 %53 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 46, i32 %52, i32 %54) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %55)) #6 to label %56 [label %55], !srcloc !6 %57 = add nuw nsw i32 %50, 1 %58 = icmp eq i32 %50, 100 br i1 %58, label %59, label %63 call void asm "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9), i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9)) #6, !srcloc !12 %64 = call i64 @find_first_bit(i64* nonnull %3, i64 64) #69 %65 = trunc i64 %64 to i32 %66 = icmp slt i32 %65, 64 br i1 %66, label %67, label %93 %68 = phi i32 [ %74, %87 ], [ %51, %63 ] %69 = phi i64 [ %90, %87 ], [ %64, %63 ] %70 = shl i64 %69, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %7, i64 0, i32 0, i64 %71 %73 = load %struct.perf_event.3604*, %struct.perf_event.3604** %72, align 8 %74 = add i32 %68, 1 %75 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %71) #6, !srcloc !13 %76 = and i8 %75, 1 %77 = icmp eq i8 %76, 0 br i1 %77, label %87, label %78 %79 = call i32 bitcast (i32 (%struct.perf_event.5361*)* @intel_pmu_save_and_restart to i32 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %73) #69 %80 = icmp eq i32 %79, 0 br i1 %80, label %87, label %81 %82 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %73, i64 0, i32 26, i32 7 %83 = load i64, i64* %82, align 8 store i64 %83, i64* %31, align 8 store i64 0, i64* %32, align 32 store i64 84410401, i64* %33, align 16 store i64 0, i64* %34, align 8 %84 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.3604*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.3604* %73, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, 
%struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds 
%struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 
(%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, 
!prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = 
getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, 
%struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to 
i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* 
@perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = 
and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 
18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp 
eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) 
#69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, 
i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load 
%struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq 6 amd_pmu_handle_irq ------------- Path:  Function:amd_pmu_handle_irq %2 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %3 = inttoptr i64 %2 to %struct.cpu_hw_events.3614* %4 = getelementptr inbounds %struct.cpu_hw_events.3614, 
%struct.cpu_hw_events.3614* %3, i64 0, i32 1, i64 0 %5 = tail call i32 @__bitmap_weight(i64* %4, i32 64) #69 %6 = tail call i32 @x86_pmu_handle_irq(%struct.pt_regs* %0) #69 Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* 
@x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 
8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = 
getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds 
%struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 
store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6_ms ------------- Path:  Function:show_rc6_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 (%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278216) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 %22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, 
i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void (%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, 
%struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label 
%120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label 
%5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, 
%struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 
%31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; 
nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6pp_ms ------------- Path:  Function:show_rc6pp_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 
(%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278224) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 
%22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void 
(%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect 
!9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** 
%62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds 
%struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp 
sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 
%15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to 
%struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 
intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6p_ms ------------- Path:  Function:show_rc6p_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 (%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278220) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 %22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, 
i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void (%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, 
%struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label 
%120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label 
%5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, 
%struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 
%31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; 
nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_media_rc6_ms ------------- Path:  Function:show_media_rc6_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 
(%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278220) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 
%22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void 
(%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect 
!9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** 
%62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds 
%struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp 
sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 
%15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to 
%struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 
do_timerfd_settime 10 __ia32_compat_sys_timerfd_settime ------------- Path:  Function:__ia32_compat_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.compat_itimerspec* %15 = inttoptr i64 %13 to %struct.compat_itimerspec* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_compat_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.compat_itimerspec* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, 
i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds 
%struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = 
getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void 
@hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 
@get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq 
i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq 
i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 
9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label 
%65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, 
i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, 
!prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 
= load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = 
phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* 
%0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 
= icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 
%85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 
%151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = 
icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 
= tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, 
label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br 
i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail 
call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail 
call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, 
label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 cpu_clock_event_add ------------- Path:  Function:cpu_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %28, label %5 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = tail call i64 @sched_clock_cpu(i32 %6) #69 %8 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %10 = load i64, i64* %9, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %19, label 
%16 %20 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %21 = load i64, i64* %20, align 8 %22 = icmp ugt i64 %21, 10000 %23 = select i1 %22, i64 %21, i64 10000 br label %24 %25 = phi i64 [ %18, %16 ], [ %23, %19 ] %26 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %27 = bitcast %union.anon.76.209* %26 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %27, i64 %25, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds 
%struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, 
!srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = 
bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 
0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 
%51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, 
label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 cpu_clock_event_start ------------- Path:  Function:cpu_clock_event_start %3 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %4 = tail call i64 @sched_clock_cpu(i32 %3) #69 %5 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %4, i64* %5, align 8 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %25, label %9 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 
%12 = icmp eq i64 %11, 0 br i1 %12, label %16, label %13 %17 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %18 = load i64, i64* %17, align 8 %19 = icmp ugt i64 %18, 10000 %20 = select i1 %19, i64 %18, i64 10000 br label %21 %22 = phi i64 [ %15, %13 ], [ %20, %16 ] %23 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %24 = bitcast %union.anon.76.209* %23 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %24, i64 %22, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 
Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull 
@this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, 
align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = 
getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp 
sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 
%50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, 
label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm 
sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 task_clock_event_add ------------- Path:  Function:task_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %30, label %5 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 27 %7 = load %struct.perf_event_context.97649*, %struct.perf_event_context.97649** %6, align 8 %8 = getelementptr inbounds %struct.perf_event_context.97649, %struct.perf_event_context.97649* %7, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.perf_event.97674, 
%struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %30, label %14 %15 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 10000 %25 = select i1 %24, i64 %23, i64 10000 br label %26 %27 = phi i64 [ %20, %18 ], [ %25, %21 ] %28 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %29 = bitcast %union.anon.76.209* %28 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %29, i64 %27, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load 
%struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label 
%10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, 
%131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label 
%12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 
%47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* 
%13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq 
$2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 task_clock_event_start ------------- Path:  Function:task_clock_event_start %3 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 27 %4 = load %struct.perf_event_context.97649*, %struct.perf_event_context.97649** %3, align 8 %5 = getelementptr inbounds %struct.perf_event_context.97649, %struct.perf_event_context.97649* %4, i64 0, i32 18 %6 = load i64, i64* %5, align 8 
%7 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %6, i64* %7, align 8 %8 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %27, label %11 %12 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %18, label %15 %19 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 10000 %22 = select i1 %21, i64 %20, i64 10000 br label %23 %24 = phi i64 [ %17, %15 ], [ %22, %18 ] %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %26 = bitcast %union.anon.76.209* %25 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %26, i64 %24, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label 
%65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, 
i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, 
!prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 
= load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = 
phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* 
%0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_compat_sys_nanosleep ------------- Path:  Function:__ia32_compat_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %8 to %struct.util_est* %10 = bitcast %struct.anon.48* %2 to i8* %11 = inttoptr i64 %5 to i8* %12 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* %11) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp eq i64 %8, 0 %24 = select i1 %23, i32 0, i32 2 %25 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1 %27 = bitcast %union.anon.25* %26 to %struct.anon.15* %28 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.util_est** store %struct.util_est* %9, %struct.util_est** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 
%6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0 %12 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() 
#69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, 
!prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 
zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, 
%struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 
= getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event 
%3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br 
i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to %struct.anon.48* %10 = inttoptr i64 %8 to %struct.anon.48* %11 = bitcast %struct.anon.48* %2 to i8* %12 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* %9) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp ne i64 %8, 0 %24 = zext i1 %23 to i32 %25 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1 %27 = bitcast %union.anon.25* %26 to %struct.anon.15* %28 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.anon.48** store %struct.anon.48* %10, %struct.anon.48** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = getelementptr 
%struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0 %12 = 
getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() #69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 
false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 
8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 
9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void 
(%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* 
%11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to %struct.anon.48** %5 = load %struct.anon.48*, 
%struct.anon.48** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.48* %9 = bitcast %struct.anon.48* %2 to i8* %10 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp ne i64 %7, 0 %22 = zext i1 %21 to i32 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 46, i32 1 %25 = bitcast %union.anon.25* %24 to %struct.anon.15* %26 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 46, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.anon.48** store %struct.anon.48* %8, %struct.anon.48** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 2 store i32 
(%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0 %12 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() #69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 
0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = 
load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 
0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr 
inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 
%126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 
10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_compat_sys_mq_timedreceive ------------- Path:  Function:__ia32_compat_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to 
i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, 
%struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 
%89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = 
getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* %17, i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, 
align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = 
inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.48* %24 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, 
%struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 
%89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = 
getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* %17, i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, 
align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.48* %2 to i8* %17 = icmp eq i64 %14, 0 br 
i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.48* %20 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.48* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.48* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 
%41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 
7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* %17, 
i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, 
align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 
1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 
0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, 
%struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq 
%struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, 
i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 
= getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* 
@find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %19) #69 %21 = icmp eq %struct.task_struct.39605* %20, null br i1 %21, label %50, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %20, i1 zeroext %33) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 
%10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.39605* %11, null br i1 %12, label %37, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* 
@find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.39605* %11, null br i1 %12, label %37, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_compat_sys_epoll_pwait ------------- Path:  Function:__ia32_compat_sys_epoll_pwait %2 = alloca %struct.cpumask, align 8 %3 = alloca %struct.cpumask, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to %struct.epoll_event* %20 = trunc i64 %10 to i32 %21 = trunc i64 %12 to i32 %22 = inttoptr i64 %15 to %struct.kernel_cap_struct* %23 = bitcast %struct.cpumask* %2 to i8* %24 = bitcast %struct.cpumask* %3 to i8* %25 = icmp eq i64 %15, 0 br i1 %25, label %26, label %29 %30 = trunc i64 %17 to i32 %31 = icmp eq i32 %30, 8 br i1 %31, label %32, label %55 %33 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* nonnull %22) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %55 %36 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %37 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %36, i64 0, i32 88, i32 0, i64 0 %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 %39 = load i64, i64* %37, align 16 store i64 %39, i64* %38, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %40 = call fastcc i32 @do_epoll_wait(i32 %18, %struct.epoll_event* %19, i32 %20, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds 
%struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, 
align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, 
%struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to 
i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 
Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr 
inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, 
i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq 
i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 
0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __se_sys_epoll_pwait 13 __ia32_sys_epoll_pwait ------------- Path:  Function:__ia32_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_epoll_pwait(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_epoll_pwait %7 = alloca %struct.cpumask, align 8 %8 = alloca %struct.cpumask, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.epoll_event* %11 = trunc i64 %2 to i32 %12 = trunc i64 %3 to i32 %13 = bitcast %struct.cpumask* %7 to i8* %14 = bitcast %struct.cpumask* %8 to i8* %15 = icmp eq i64 %4, 0 br i1 %15, label %16, label %18 %19 = icmp eq i64 %5, 8 br i1 %19, label %20, label %46 %21 = inttoptr i64 %4 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %21, i64 8) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %46 %25 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %26 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %25, i64 0, i32 88, i32 0, i64 0 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %28 = load i64, i64* %26, align 16 store i64 %28, i64* %27, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %7) #69 %29 = call fastcc i32 @do_epoll_wait(i32 %9, %struct.epoll_event* %10, i32 %11, i32 %12) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = 
extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to 
%struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* 
%5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = 
load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", 
"=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 
br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp 
eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __se_sys_epoll_pwait 13 __x64_sys_epoll_pwait ------------- Path:  Function:__x64_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_epoll_pwait(i64 %3, 
i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_epoll_pwait %7 = alloca %struct.cpumask, align 8 %8 = alloca %struct.cpumask, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.epoll_event* %11 = trunc i64 %2 to i32 %12 = trunc i64 %3 to i32 %13 = bitcast %struct.cpumask* %7 to i8* %14 = bitcast %struct.cpumask* %8 to i8* %15 = icmp eq i64 %4, 0 br i1 %15, label %16, label %18 %19 = icmp eq i64 %5, 8 br i1 %19, label %20, label %46 %21 = inttoptr i64 %4 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %21, i64 8) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %46 %25 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %26 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %25, i64 0, i32 88, i32 0, i64 0 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %28 = load i64, i64* %26, align 16 store i64 %28, i64* %27, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %7) #69 %29 = call fastcc i32 @do_epoll_wait(i32 %9, %struct.epoll_event* %10, i32 %11, i32 %12) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, 
%struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 
@select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = 
icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* 
%118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 
@schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = 
xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 
10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* 
%0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq 
%struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, 
i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 
= getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_wait ------------- Path:  Function:__ia32_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.epoll_event* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %12, i32 %13, i32 %14) #69 Function:do_epoll_wait %5 = alloca 
%struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void 
@ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 
to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, 
i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne 
%struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, 
%struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store 
%struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, 
%142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 
Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, 
%struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, 
%struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 
%9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_wait ------------- Path:  Function:__x64_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %6, i32 %12, i32 %13) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, 
label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = 
load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = 
getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label 
%136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds 
%struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, 
%struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] 
%138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 
%1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to 
i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = 
zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll ------------- Path:  Function:__ia32_compat_sys_ppoll %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.cpumask, align 8 %5 = alloca %struct.cpumask, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = inttoptr i64 %10 to %struct.perf_event_header* %22 = trunc i64 %12 to i32 %23 = inttoptr i64 %18 to %struct.kernel_cap_struct* %24 = trunc i64 %20 to i32 %25 = bitcast %struct.cpumask* %4 to i8* %26 = bitcast %struct.cpumask* %5 to i8* %27 = bitcast %struct.anon.48* %6 to i8* %28 = bitcast %struct.anon.48* %7 to i8* %29 = icmp eq i64 %15, 0 br i1 %29, label %54, label %30 %31 = inttoptr i64 %15 to i8* %32 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %6, i8* nonnull %31) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %133 %35 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, -1 %40 = icmp ult i64 %38, 1000000000 %41 = and i1 %39, %40 br i1 %41, label %42, label %133 %43 = or i64 %38, %36 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %46 call void @ktime_get_ts64(%struct.anon.48* nonnull %7) #69 %47 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = call { i64, i64 } @timespec64_add_safe(i64 %48, i64 %50, i64 %36, i64 %38) #69 %52 = extractvalue { i64, i64 } 
%51, 0 %53 = extractvalue { i64, i64 } %51, 1 store i64 %52, i64* %47, align 8 store i64 %53, i64* %49, align 8 br label %54 %55 = phi %struct.anon.48* [ null, %1 ], [ %7, %46 ], [ %7, %45 ] %56 = icmp eq i64 %18, 0 br i1 %56, label %62, label %57 %58 = icmp eq i32 %24, 8 br i1 %58, label %59, label %133 %60 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %4, %struct.kernel_cap_struct* nonnull %23) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %66, label %133 %67 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %68 = load i64, i64* %67, align 8 %69 = and i64 %68, -262401 store i64 %69, i64* %67, align 8 %70 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %4, %struct.cpumask* nonnull %5) #69 %71 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %21, i32 %22, %struct.anon.48* %55) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 
br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = 
getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ 
%251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load 
%struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds 
%struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, 
align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 
(%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add 
%gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 
[ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ 
%87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, 
label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 
@clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label 
%36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __ia32_sys_ppoll ------------- Path:  Function:__ia32_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_ppoll(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.cpumask, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.anon.48, align 8 %12 = inttoptr i64 %0 to %struct.perf_event_header* %13 = trunc i64 %1 to i32 %14 = inttoptr i64 %2 to %struct.anon.48* %15 = bitcast %struct.cpumask* %8 to i8* %16 = bitcast %struct.cpumask* %9 to i8* %17 = bitcast %struct.anon.48* %10 to i8* %18 = bitcast %struct.anon.48* %11 to i8* %19 = icmp eq i64 %2, 0 br i1 %19, label %43, label %20 %21 = call i32 @get_timespec64(%struct.anon.48* nonnull %10, %struct.anon.48* nonnull %14) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %122 %24 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %122 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %11) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ null, %5 ], [ %11, %35 ], [ %11, %34 ] %45 = icmp eq i64 %3, 0 br i1 %45, label %52, label %46 %47 = icmp eq i64 %4, 8 br i1 %47, label %48, label %122 %49 = inttoptr i64 %3 to i8* %50 = call i64 
@_copy_from_user(i8* nonnull %15, i8* nonnull %49, i64 8) #69 %51 = icmp eq i64 %50, 0 br i1 %51, label %56, label %122 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %58 = load i64, i64* %57, align 8 %59 = and i64 %58, -262401 store i64 %59, i64* %57, align 8 %60 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %8, %struct.cpumask* nonnull %9) #69 %61 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %12, i32 %13, %struct.anon.48* %44) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi 
%struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 
= getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = 
getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi 
i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 
(%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, 
%struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 
%277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 
Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr 
inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, 
i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq 
i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 
0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __x64_sys_ppoll ------------- Path:  Function:__x64_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_ppoll(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = 
alloca %struct.cpumask, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.anon.48, align 8 %12 = inttoptr i64 %0 to %struct.perf_event_header* %13 = trunc i64 %1 to i32 %14 = inttoptr i64 %2 to %struct.anon.48* %15 = bitcast %struct.cpumask* %8 to i8* %16 = bitcast %struct.cpumask* %9 to i8* %17 = bitcast %struct.anon.48* %10 to i8* %18 = bitcast %struct.anon.48* %11 to i8* %19 = icmp eq i64 %2, 0 br i1 %19, label %43, label %20 %21 = call i32 @get_timespec64(%struct.anon.48* nonnull %10, %struct.anon.48* nonnull %14) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %122 %24 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %122 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %11) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ null, %5 ], [ %11, %35 ], [ %11, %34 ] %45 = icmp eq i64 %3, 0 br i1 %45, label %52, label %46 %47 = icmp eq i64 %4, 8 br i1 %47, label %48, label %122 %49 = inttoptr i64 %3 to i8* %50 = call i64 @_copy_from_user(i8* nonnull %15, i8* nonnull %49, i64 8) #69 %51 = icmp eq i64 %50, 0 br i1 %51, label %56, label %122 %57 = getelementptr inbounds %struct.cpumask, 
%struct.cpumask* %8, i64 0, i32 0, i64 0 %58 = load i64, i64* %57, align 8 %59 = and i64 %58, -262401 store i64 %59, i64* %57, align 8 %60 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %8, %struct.cpumask* nonnull %9) #69 %61 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %12, i32 %13, %struct.anon.48* %44) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* 
%32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt 
i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, 
%221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull 
%182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, 
label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, 
i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 
= and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* 
%50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp 
sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, 
label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label 
%25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = 
icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.48* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = 
udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.48* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.48* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load 
volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = 
getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull 
%4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 
], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* 
%182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] 
%225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] 
store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 
(%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 
%8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 
[ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 
9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] 
%175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 
@clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label 
%36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.48* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 
= or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.48* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.48* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label 
%23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store 
i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* 
%4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], 
[ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, 
%struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, 
%struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load 
volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** 
%28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], 
[ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ 
%73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label 
%178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 
Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_pselect6 ------------- Path:  Function:__ia32_compat_sys_pselect6 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.cpumask, align 8 %5 = alloca %struct.cpumask, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %17 = load i64, i64* 
%16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = and i64 %23, 4294967295 %25 = trunc i64 %9 to i32 %26 = inttoptr i64 %12 to i32* %27 = inttoptr i64 %15 to i32* %28 = inttoptr i64 %18 to i32* %29 = inttoptr i64 %24 to i8* %30 = icmp eq i64 %24, 0 br i1 %30, label %51, label %31 %32 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %33 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %32, i64 0, i32 161, i32 17, i32 0 %34 = load i64, i64* %33, align 8 %35 = add i64 %34, -8 %36 = icmp ult i64 %35, %24 br i1 %36, label %165, label %37, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - 
.\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %38 = inttoptr i64 %24 to %struct.__large_struct* %39 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %38, i32 -14, i32 0) #6, !srcloc !9 %40 = extractvalue { i32, i64 } %39, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %165, !prof !11, !misexpect !12 %43 = extractvalue { i32, i64 } %39, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < 
(6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %44 = getelementptr i8, i8* %29, i64 4 %45 = bitcast i8* %44 to %struct.__large_struct* %46 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45, i32 -14, i32 0) #6, !srcloc !14 %47 = extractvalue { i32, i64 } %46, 1 %48 = extractvalue { i32, i64 } %46, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %49 = trunc i64 %47 to i32 %50 = icmp eq i32 %48, 0 br i1 %50, label %51, label %165, !prof !11, !misexpect !12 %52 = phi i64 [ %43, %42 ], [ 0, %1 ] %53 = phi i32 [ %49, %42 ], [ 0, %1 ] %54 = and i64 %52, 4294967295 %55 = inttoptr i64 %54 to %struct.kernel_cap_struct* %56 = bitcast %struct.cpumask* %4 to i8* %57 
= bitcast %struct.cpumask* %5 to i8* %58 = bitcast %struct.anon.48* %6 to i8* %59 = bitcast %struct.anon.48* %7 to i8* %60 = icmp eq i64 %21, 0 br i1 %60, label %85, label %61 %62 = inttoptr i64 %21 to i8* %63 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %6, i8* nonnull %62) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %163 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = icmp sgt i64 %67, -1 %71 = icmp ult i64 %69, 1000000000 %72 = and i1 %70, %71 br i1 %72, label %73, label %163 %74 = or i64 %69, %67 %75 = icmp eq i64 %74, 0 br i1 %75, label %76, label %77 call void @ktime_get_ts64(%struct.anon.48* nonnull %7) #69 %78 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %81 = load i64, i64* %80, align 8 %82 = call { i64, i64 } @timespec64_add_safe(i64 %79, i64 %81, i64 %67, i64 %69) #69 %83 = extractvalue { i64, i64 } %82, 0 %84 = extractvalue { i64, i64 } %82, 1 store i64 %83, i64* %78, align 8 store i64 %84, i64* %80, align 8 br label %85 %86 = phi %struct.anon.48* [ null, %51 ], [ %7, %77 ], [ %7, %76 ] %87 = icmp eq i64 %54, 0 br i1 %87, label %98, label %88 %89 = icmp eq i32 %53, 8 br i1 %89, label %90, label %163 %91 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %4, %struct.kernel_cap_struct* nonnull %55) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %163 %94 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %95 = load i64, i64* %94, align 8 %96 = and i64 %95, -262401 store i64 %96, i64* %94, align 8 %97 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %4, %struct.cpumask* nonnull %5) #69 br label %98 %99 = call fastcc i32 @compat_core_sys_select(i32 %25, 
i32* %26, i32* %27, i32* %28, %struct.anon.48* %86) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 
@do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 
%62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store 
%struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* 
br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ 
%337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca 
%struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, 
!prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 
zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, 
%struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 
= getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event 
%3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br 
i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69
-------------
Use: =BAD PATH=
Call Stack:
0 irq_work_queue
1 vprintk_deferred
2 printk_deferred
3 clockevents_program_min_delta
4 clockevents_program_event
5 tick_program_event
6 remove_hrtimer
7 __hrtimer_start_range_ns
8 hrtimer_start_range_ns
9 schedule_hrtimeout_range_clock
10 schedule_hrtimeout_range
11 do_select
12 compat_core_sys_select
13 __ia32_compat_sys_old_select
-------------
Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #69 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, 
align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.anon.48* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 = and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.anon.48* nonnull %2) #69 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #69 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* 
%58, align 8 br label %63 %64 = phi %struct.anon.48* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.anon.48* %64) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 
= bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load 
i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load 
i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 
store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 
= getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 
= call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, 
i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 
= and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* 
%50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp 
sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, 
label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label 
%25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = 
icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 
%17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.anon.48* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.anon.48* nonnull %2) #69 %48 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi %struct.anon.48* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.anon.48* %56) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 
= bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast 
%struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, 
-1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null 
br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 
= phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ 
%341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void 
@hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 
13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 
.quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 
store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, 
!misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 
%38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 
__hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __ia32_sys_pselect6 ------------- Path:  Function:__ia32_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_pselect6(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.cpumask, align 8 %11 = alloca %struct.anon.48, align 8 %12 = alloca %struct.anon.48, align 8 %13 = trunc i64 %0 to i32 %14 = inttoptr i64 %1 to %struct.tcp_mib* %15 = inttoptr i64 %2 to %struct.tcp_mib* %16 = inttoptr i64 %3 to %struct.tcp_mib* %17 = inttoptr i64 %4 to %struct.anon.48* %18 = inttoptr i64 %5 to i8* %19 = icmp eq i64 %5, 0 br i1 %19, label %40, label %20 %21 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %22 = getelementptr inbounds 
%struct.task_struct.125877, %struct.task_struct.125877* %21, i64 0, i32 161, i32 17, i32 0 %23 = load i64, i64* %22, align 8 %24 = add i64 %23, -16 %25 = icmp ult i64 %24, %5 br i1 %25, label %151, label %26, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %27 = inttoptr i64 %5 to %struct.__large_struct* %28 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %27, i32 -14, i32 0) #6, !srcloc !9 %29 = extractvalue { i32, i64 } %28, 0 tail call void asm sideeffect 
"661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %151, !prof !11, !misexpect !12 %32 = extractvalue { i32, i64 } %28, 1 %33 = inttoptr i64 %32 to %struct.cpumask* tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %34 = getelementptr i8, i8* %18, i64 8 %35 = bitcast i8* %34 to %struct.__large_struct* %36 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq 
$2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %35, i32 -14, i32 0) #6, !srcloc !14 %37 = extractvalue { i32, i64 } %36, 1 %38 = extractvalue { i32, i64 } %36, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %151, !prof !11, !misexpect !12 %41 = phi %struct.cpumask* [ %33, %31 ], [ null, %6 ] %42 = phi i64 [ %37, %31 ], [ 0, %6 ] %43 = bitcast %struct.cpumask* %9 to i8* %44 = bitcast %struct.cpumask* %10 to i8* %45 = bitcast %struct.anon.48* %11 to i8* %46 = bitcast %struct.anon.48* %12 to i8* %47 = icmp eq i64 %4, 0 br i1 %47, label %71, label %48 %49 = call i32 @get_timespec64(%struct.anon.48* nonnull %11, %struct.anon.48* nonnull %17) #69 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %149 %52 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %55 = load i64, i64* %54, align 8 %56 = icmp sgt i64 %53, -1 %57 = icmp ult i64 %55, 1000000000 %58 = and i1 %56, %57 br i1 %58, label %59, label %149 %60 = or i64 %55, %53 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %63 call void @ktime_get_ts64(%struct.anon.48* nonnull %12) #69 %64 = getelementptr inbounds %struct.anon.48, %struct.anon.48* 
%12, i64 0, i32 0 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 1 %67 = load i64, i64* %66, align 8 %68 = call { i64, i64 } @timespec64_add_safe(i64 %65, i64 %67, i64 %53, i64 %55) #69 %69 = extractvalue { i64, i64 } %68, 0 %70 = extractvalue { i64, i64 } %68, 1 store i64 %69, i64* %64, align 8 store i64 %70, i64* %66, align 8 br label %71 %72 = phi %struct.anon.48* [ null, %40 ], [ %12, %63 ], [ %12, %62 ] %73 = icmp eq %struct.cpumask* %41, null br i1 %73, label %85, label %74 %75 = icmp eq i64 %42, 8 br i1 %75, label %76, label %149 %77 = bitcast %struct.cpumask* %41 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %43, i8* nonnull %77, i64 8) #69 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %149 %81 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %9, i64 0, i32 0, i64 0 %82 = load i64, i64* %81, align 8 %83 = and i64 %82, -262401 store i64 %83, i64* %81, align 8 %84 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %9, %struct.cpumask* nonnull %10) #69 br label %85 %86 = call i32 @core_sys_select(i32 %13, %struct.tcp_mib* %14, %struct.tcp_mib* %15, %struct.tcp_mib* %16, %struct.anon.48* %72) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds 
%struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store 
i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = 
load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* 
@__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, 
i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, 
i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, 
label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, 
%struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq 
%struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast 
%struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* 
%145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 
%54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = 
icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __x64_sys_pselect6 ------------- Path:  Function:__x64_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, 
align 8 %14 = tail call fastcc i64 @__se_sys_pselect6(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.cpumask, align 8 %11 = alloca %struct.anon.48, align 8 %12 = alloca %struct.anon.48, align 8 %13 = trunc i64 %0 to i32 %14 = inttoptr i64 %1 to %struct.tcp_mib* %15 = inttoptr i64 %2 to %struct.tcp_mib* %16 = inttoptr i64 %3 to %struct.tcp_mib* %17 = inttoptr i64 %4 to %struct.anon.48* %18 = inttoptr i64 %5 to i8* %19 = icmp eq i64 %5, 0 br i1 %19, label %40, label %20 %21 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %21, i64 0, i32 161, i32 17, i32 0 %23 = load i64, i64* %22, align 8 %24 = add i64 %23, -16 %25 = icmp ult i64 %24, %5 br i1 %25, label %151, label %26, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 
3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %27 = inttoptr i64 %5 to %struct.__large_struct* %28 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %27, i32 -14, i32 0) #6, !srcloc !9 %29 = extractvalue { i32, i64 } %28, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %151, !prof !11, !misexpect !12 %32 = extractvalue { i32, i64 } %28, 1 %33 = inttoptr i64 %32 to %struct.cpumask* tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail 
call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %34 = getelementptr i8, i8* %18, i64 8 %35 = bitcast i8* %34 to %struct.__large_struct* %36 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %35, i32 -14, i32 0) #6, !srcloc !14 %37 = extractvalue { i32, i64 } %36, 1 %38 = extractvalue { i32, i64 } %36, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %151, !prof !11, !misexpect !12 %41 = phi %struct.cpumask* [ %33, %31 ], [ null, %6 ] %42 = phi i64 [ %37, %31 ], [ 0, %6 ] %43 = bitcast 
%struct.cpumask* %9 to i8* %44 = bitcast %struct.cpumask* %10 to i8* %45 = bitcast %struct.anon.48* %11 to i8* %46 = bitcast %struct.anon.48* %12 to i8* %47 = icmp eq i64 %4, 0 br i1 %47, label %71, label %48 %49 = call i32 @get_timespec64(%struct.anon.48* nonnull %11, %struct.anon.48* nonnull %17) #69 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %149 %52 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %55 = load i64, i64* %54, align 8 %56 = icmp sgt i64 %53, -1 %57 = icmp ult i64 %55, 1000000000 %58 = and i1 %56, %57 br i1 %58, label %59, label %149 %60 = or i64 %55, %53 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %63 call void @ktime_get_ts64(%struct.anon.48* nonnull %12) #69 %64 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 0 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 1 %67 = load i64, i64* %66, align 8 %68 = call { i64, i64 } @timespec64_add_safe(i64 %65, i64 %67, i64 %53, i64 %55) #69 %69 = extractvalue { i64, i64 } %68, 0 %70 = extractvalue { i64, i64 } %68, 1 store i64 %69, i64* %64, align 8 store i64 %70, i64* %66, align 8 br label %71 %72 = phi %struct.anon.48* [ null, %40 ], [ %12, %63 ], [ %12, %62 ] %73 = icmp eq %struct.cpumask* %41, null br i1 %73, label %85, label %74 %75 = icmp eq i64 %42, 8 br i1 %75, label %76, label %149 %77 = bitcast %struct.cpumask* %41 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %43, i8* nonnull %77, i64 8) #69 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %149 %81 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %9, i64 0, i32 0, i64 0 %82 = load i64, i64* %81, align 8 %83 = and i64 %82, -262401 store i64 %83, i64* %81, align 8 %84 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %9, %struct.cpumask* nonnull %10) #69 br label %85 %86 = call 
i32 @core_sys_select(i32 %13, %struct.tcp_mib* %14, %struct.tcp_mib* %15, %struct.tcp_mib* %16, %struct.anon.48* %72) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast 
i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = 
bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add 
i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* 
%2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, 
%403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, 
%195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 
call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, 
i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 
%62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 
%128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof 
!5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 
5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 
__hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_select %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, 
%29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.48* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, 
label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] 
%54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store 
%struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* 
%1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, 
%53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 
%398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_select %6 = alloca %struct.anon.48, align 8 %7 = alloca 
%struct.anon.48, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.48* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 
%83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label 
%122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, 
align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br 
i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 
%19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), 
i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 
%67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 
9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void 
(%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* 
%11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, label %14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 %32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 %37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, 
label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 %61 = extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 br label %93 %94 = phi %struct.task_struct.50485* [ %92, %91 ], [ %15, %89 ] %95 = icmp eq 
%struct.task_struct.50485* %94, null br i1 %95, label %99, label %96 %97 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %94, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = 
and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq 
%struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], 
[64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, 
%41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 
= add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, 
%struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 
@remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 
%53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, 
label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 
@tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 
@ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label 
%56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, label 
%14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 %32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 %37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 %61 = 
extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 br label %93 %94 = phi %struct.task_struct.50485* [ %92, %91 ], [ %15, %89 ] %95 = icmp eq %struct.task_struct.50485* %94, null br i1 %95, label %99, label %96 %97 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %94, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 
%56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 
= icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = 
getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, 
-1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 
%185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* 
%0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* 
@__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** 
%134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void 
(%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to 
i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* 
%11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = 
and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kuid_t* %3 to i8* %11 = icmp eq i64 %8, 0 %12 = icmp slt i32 %9, 0 %13 = or i1 %12, %11 br i1 %13, label %40, label %14 %15 = inttoptr i64 %8 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %40 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %9, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %38, label %27 %28 = bitcast %struct.sched_attr* %2 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 1 store i32 -1, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %2, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, 
i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ 
%46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* 
%191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr 
inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = 
add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to 
%struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, 
label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 
%59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* 
%44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp 
eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* 
%0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.kuid_t* %3 to i8* %10 = icmp eq i64 %7, 0 %11 = icmp slt i32 %8, 0 %12 = or i1 %11, %10 br i1 %12, label %39, label %13 %14 = inttoptr i64 %7 to i8* %15 = call i64 @_copy_from_user(i8* nonnull %9, i8* %14, i64 4) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %39 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = icmp eq i32 %8, 0 br i1 %18, label %21, label %19 %22 = call 
%struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %23 %24 = phi %struct.task_struct.50485* [ %20, %19 ], [ %22, %21 ] %25 = icmp eq %struct.task_struct.50485* %24, null br i1 %25, label %37, label %26 %27 = bitcast %struct.sched_attr* %2 to i8* %28 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 1 store i32 -1, i32* %28, align 4 %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 3 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %24, i64 0, i32 16 %31 = load i32, i32* %30, align 8 %32 = add i32 %31, -120 store i32 %32, i32* %29, align 8 %33 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 4 %34 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 %35 = load i32, i32* %34, align 4 store i32 %35, i32* %33, align 4 %36 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %24, %struct.sched_attr* nonnull %2, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 
%63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label 
%222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, 
i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, 
%struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to 
%struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = 
getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr 
inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 
%140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 
(%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, 
%struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, 
i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setscheduler 12 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 br i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %44, label %27 %28 = bitcast %struct.sched_attr* %4 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %7, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = and i32 %7, 1073741824 %38 = icmp eq i32 %37, 0 br i1 %38, label %42, label %39 %40 = getelementptr 
inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 store i64 1, i64* %40, align 8 %41 = and i32 %7, -1073741825 store i32 %41, i32* %29, align 4 br label %42 %43 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 
%35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, 
ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 
%5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds 
%struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr 
inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, 
align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = 
bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq 
%struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 
@timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, 
label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = 
and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 
%19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setscheduler 12 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 br 
i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %44, label %27 %28 = bitcast %struct.sched_attr* %4 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %7, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = and i32 %7, 1073741824 %38 = icmp eq i32 %37, 0 br i1 %38, label %42, label %39 %40 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 store i64 1, i64* %40, align 8 %41 = and i32 %7, -1073741825 store i32 %41, i32* %29, align 4 br label %42 %43 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br 
i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 
], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br 
i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 
= getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 
= load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 
to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm 
sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 
store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, 
!misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 
%38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 
wait_consider_task 10 do_wait 11 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = alloca %struct.wait_opts, align 8 %3 = alloca %struct.rusage, align 8 %4 = alloca %struct.ist_info, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %8 to i32 %18 = inttoptr i64 %11 to %struct.compat_siginfo* %19 = trunc i64 %13 to i32 %20 = inttoptr i64 %16 to %struct.compat_rusage* %21 = bitcast %struct.rusage* %3 to i8* %22 = bitcast %struct.ist_info* %4 to i8* %23 = icmp eq i64 %16, 0 %24 = select i1 %23, %struct.rusage* null, %struct.rusage* %3 %25 = bitcast %struct.wait_opts* %2 to i8* %26 = and i32 %19, 520093680 %27 = icmp ne i32 %26, 0 %28 = and i32 %19, 14 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %40, label %31 %32 = trunc i64 %6 to i32 switch i32 %32, label %40 [ i32 0, label %41 i32 1, label %33 i32 2, label %35 ] %36 = icmp slt i32 %17, 1 br i1 %36, label %40, label %37 %38 = phi i32 [ 0, %33 ], [ 2, %35 ] %39 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %17) #69 br label %41 %42 = phi i32 [ %38, %37 ], [ 4, %31 ] %43 = phi %struct.pid.40929* [ %39, %37 ], [ null, %31 ] %44 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 0 store i32 %42, i32* %44, align 8 %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 
0, i32 2 store %struct.pid.40929* %43, %struct.pid.40929** %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 1 store i32 %19, i32* %46, align 4 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 3 store %struct.ist_info* %4, %struct.ist_info** %47, align 8 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 5 store %struct.rusage* %24, %struct.rusage** %48, align 8 %49 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %2) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void 
@_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, 
!misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 
%315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, 
i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, 
%struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, 
%struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = 
zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = 
ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 
0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile 
i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 
bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint 
(%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], 
[64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br 
label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* 
%18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to 
label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, 
%struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, 
i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, 
!prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, 
i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl 
$2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* 
%274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* 
%304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, 
label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 
0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 
%61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br 
label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to 
%struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, 
i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void 
@kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 
= shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 
[label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 
= load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp 
eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** 
%113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 
%7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds 
(%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 
0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, 
label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, 
%struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt 
i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, 
i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load 
i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 
%240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, 
i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, 
%struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds 
%struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store 
i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile 
i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi 
%struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, 
%struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to 
%struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void 
@free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = 
and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 
0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, 
i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, 
!srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 
do_wait 11 kernel_wait4 12 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = 
load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, 
i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 
0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor 
i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq 
%struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 
86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store 
i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, 
i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* 
%267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, 
align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 
0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void 
(%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr 
inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* 
%3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 
= getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to 
%struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, 
align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* 
output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm 
sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 
], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 
%61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 
[label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** 
%3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 
%86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect 
!5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast 
%struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* 
%274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* 
%304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, 
label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 
0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 
%61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br 
label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to 
%struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, 
i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void 
@kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 
= shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 
[label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 
= load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp 
eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** 
%113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** 
%7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm 
sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* 
%0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = 
load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 
%32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 
br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, 
align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 
%204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void 
(%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = 
getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 
%81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, 
%struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 
], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 
%61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 __se_sys_waitid 12 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = 
alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* 
%74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, 
!misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, 
%struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to 
i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, 
i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = 
add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 
48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, 
i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast 
%struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label 
%345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = 
icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = 
bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 
%82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, 
align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 
0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* 
%179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi 
%struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, 
label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code 
c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 __se_sys_waitid 12 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to 
%struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 
%34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* 
@__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, 
label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* 
@thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load 
i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 
%271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, 
i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 
(%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = 
phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, 
align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = 
getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, 
label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = 
icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi 
%struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, 
%struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr 
inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = 
and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 
0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, 
i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, 
!srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 force_sig_info 9 force_sig 10 signal_fault 
11 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %22 = bitcast %struct.cpumask* %20 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 8, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 store i64 %24, i64* %21, align 8 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %25 = extractvalue { i32, i64 } %23, 0 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 
663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 %31 = extractvalue { i32, i64 } %30, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof 
!13, !misexpect !14 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 46, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 32 %37 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to 
%struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !16 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !17 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !18 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - 
.\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !19 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !20 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !21 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !22 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr 
inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !23 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !24 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !25 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A 
.balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !26 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !27 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !28 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !29 %93 = getelementptr %struct.pt_regs, 
%struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !30 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !31 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !32 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* 
%106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !33 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !34 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !35 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, 
i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !36 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.10885* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !38 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 
x i8], [13 x i8]* @.str.1141, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void bitcast (void (i32, %struct.task_struct.39605*)* @force_sig to void (i32, %struct.task_struct.10885*)*)(i32 11, %struct.task_struct.10885* %4) #69 Function:force_sig %3 = tail call i32 @force_sig_info(i32 %0, %struct.siginfo* nonnull inttoptr (i64 1 to %struct.siginfo*), %struct.task_struct.39605* %1) #69 Function:force_sig_info %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %5 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %6 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %5, i64 0, i32 2, i32 0, i32 0 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %6) #69 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %9 = add i32 %0, -1 %10 = sext i32 %9 to i64 %11 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 1, i64 %10, i32 0, i32 0 %12 = load void (i32)*, void (i32)** %11, align 8 %13 = icmp eq void (i32)* %12, inttoptr (i64 1 to void (i32)*) %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 88, i32 0, i64 0 %15 = load i64, i64* %14, align 8 %16 = zext i32 %9 to i64 %17 = shl nuw i64 1, %16 %18 = and i64 %15, %17 %19 = icmp ne i64 %18, 0 %20 = or i1 %13, %19 br i1 %20, label %21, label %48 store void (i32)* null, void (i32)** %11, align 8 br i1 %19, 
label %22, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 5 %53 = load i32, i32* %52, align 8 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %61 %62 = icmp eq %struct.siginfo* %1, null br i1 %62, label %69, label %63 %64 = icmp ugt %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) br i1 %64, label %65, label %75 %76 = phi i32 [ 0, %65 ], [ %74, %69 ], [ 0, %63 ] %77 = tail call fastcc i32 @__send_signal(i32 %0, %struct.siginfo* %1, %struct.task_struct.39605* %2, i32 0, i32 %76) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 
%138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, 
%struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 
to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* 
%219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 
Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 
%118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = 
load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, 
align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** 
%3, align 64 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 
Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 
%50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 
0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = 
getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = 
zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %3, align 64 %5 = trunc i32 %0 
to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr 
inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 
32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 
x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect 
" btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 p4_pmu_handle_irq ------------- Path:  Function:p4_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events.3614* %6 = load i32, i32* getelementptr inbounds (%struct.x86_pmu.3618, %struct.x86_pmu.3618* bitcast (%struct.x86_pmu* @x86_pmu to %struct.x86_pmu.3618*), i64 0, i32 18), align 4 %7 = icmp sgt i32 %6, 0 br i1 %7, label %8, label %102 %9 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 1, i64 0 %10 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %11 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %12 = 
getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 %14 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 2, i64 0 br label %15 %16 = phi i64 [ 0, %8 ], [ %95, %93 ] %17 = phi i32 [ 0, %8 ], [ %94, %93 ] %18 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %16) #6, !srcloc !5 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %26 %27 = getelementptr %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %5, i64 0, i32 0, i64 %16 %28 = load %struct.perf_event.3604*, %struct.perf_event.3604** %27, align 8 %29 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 0, i32 0, i32 5 %30 = load i32, i32* %29, align 4 %31 = zext i32 %30 to i64 %32 = icmp eq i64 %16, %31 br i1 %32, label %34, label %33, !prof !7, !misexpect !8 %35 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 0, i32 0, i32 2 %36 = load i64, i64* %35, align 8 %37 = trunc i64 %36 to i32 %38 = call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 %37) #6, !srcloc !11 %39 = extractvalue { i64, i64 } %38, 0 %40 = extractvalue { i64, i64 } %38, 1 %41 = shl i64 %40, 32 %42 = or i64 %41, %39 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %43)) #6 to label %44 [label %43], !srcloc !12 call void @do_trace_read_msr(i32 %37, i64 %42, i32 0) #69 br label %44 %45 = trunc i64 %39 to i32 %46 = icmp sgt i32 %45, -1 br i1 %46, label %56, label %47 %48 = load i64, i64* %35, align 8 %49 = trunc i64 %48 to i32 %50 = and i64 %42, -2147483649 %51 = trunc i64 %50 to i32 %52 = lshr i64 %42, 32 %53 = trunc i64 %52 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 %49, i32 %51, i32 %53) #6, !srcloc !13 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %54)) #6 to label %71 [label %54], !srcloc !12 call void @do_trace_write_msr(i32 %49, i64 %50, i32 0) #69 %55 = call i64 bitcast (i64 (%struct.perf_event*)* @x86_perf_event_update to i64 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %28) #69 br label %82 %83 = phi i32 [ 1, %54 ], [ 0, %75 ], [ %72, %71 ] %84 = add i32 %83, %17 %85 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %28, i64 0, i32 26, i32 7 %86 = load i64, i64* %85, align 8 store i64 %86, i64* %10, align 8 store i64 0, i64* %11, align 32 store i64 84410401, i64* %12, align 16 store i64 0, i64* %13, align 8 %87 = call i32 
bitcast (i32 (%struct.perf_event*)* @x86_perf_event_set_period to i32 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %28) #69 %88 = icmp eq i32 %87, 0 br i1 %88, label %93, label %89 %90 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.3604*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.3604* %28, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, 
align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, 
%struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds 
%struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 knc_pmu_handle_irq ------------- Path:  Function:knc_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = alloca i64, align 8 %4 = bitcast %struct.perf_sample_data* %2 to i8* %5 = bitcast i64* %3 to i8* %6 = tail call i64 asm 
sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %7 = inttoptr i64 %6 to %struct.cpu_hw_events.3614* %8 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 47) #6, !srcloc !5 %9 = extractvalue { i64, i64 } %8, 0 %10 = extractvalue { i64, i64 } %8, 1 %11 = shl i64 %10, 32 %12 = or i64 %11, %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %13)) #6 to label %14 [label %13], !srcloc !6 tail call void @do_trace_read_msr(i32 47, i64 %12, i32 0) #69 br label %14 %15 = and i64 %12, -4 %16 = trunc i64 %15 to i32 %17 = lshr i64 %12, 32 %18 = trunc i64 %17 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 47, i32 %16, i32 %18) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, 
%struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %19)) #6 to label %20 [label %19], !srcloc !6 %21 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 45) #6, !srcloc !5 %22 = extractvalue { i64, i64 } %21, 0 %23 = extractvalue { i64, i64 } %21, 1 %24 = shl i64 %23, 32 %25 = or i64 %24, %22 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %26)) #6 to label %27 [label %26], !srcloc !6 store i64 %25, i64* %3, align 8 %28 = icmp eq i64 %25, 0 br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %7, i64 0, i32 1, i64 0 %31 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %32 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %33 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %34 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %48 %49 = phi i64 [ %99, %101 ], [ %25, %29 ] %50 = phi i32 [ %57, %101 ], [ 0, %29 ] %51 = phi i32 [ %94, %101 ], [ 0, %29 ] %52 = 
trunc i64 %49 to i32 %53 = lshr i64 %49, 32 %54 = trunc i64 %53 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 46, i32 %52, i32 %54) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %55)) #6 to label %56 [label %55], !srcloc !6 %57 = add nuw nsw i32 %50, 1 %58 = icmp eq i32 %50, 100 br i1 %58, label %59, label %63 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9), i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9)) #6, !srcloc !12 %64 = call i64 @find_first_bit(i64* nonnull %3, i64 64) #69 %65 = trunc i64 %64 to i32 %66 = icmp slt i32 %65, 64 br i1 %66, label %67, label %93 %68 = phi i32 [ %74, %87 ], [ %51, %63 ] %69 = phi i64 [ %90, %87 ], [ %64, %63 ] %70 = shl i64 %69, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %7, i64 0, i32 0, i64 %71 %73 = load %struct.perf_event.3604*, %struct.perf_event.3604** %72, align 8 %74 = add i32 %68, 1 %75 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %71) #6, !srcloc !13 %76 = and i8 %75, 1 %77 = icmp eq i8 %76, 0 br i1 
%77, label %87, label %78 %79 = call i32 bitcast (i32 (%struct.perf_event.5361*)* @intel_pmu_save_and_restart to i32 (%struct.perf_event.3604*)*)(%struct.perf_event.3604* %73) #69 %80 = icmp eq i32 %79, 0 br i1 %80, label %87, label %81 %82 = getelementptr inbounds %struct.perf_event.3604, %struct.perf_event.3604* %73, i64 0, i32 26, i32 7 %83 = load i64, i64* %82, align 8 store i64 %83, i64* %31, align 8 store i64 0, i64* %32, align 32 store i64 84410401, i64* %33, align 16 store i64 0, i64* %34, align 8 %84 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.3604*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.3604* %73, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 
%17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, 
i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 
8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, 
%struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 
perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, 
%struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds 
%struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 
%19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load 
%struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds 
%struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull 
@raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr 
%struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* 
%0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void 
(%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label 
%37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 
%18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq 6 amd_pmu_handle_irq ------------- Path:  Function:amd_pmu_handle_irq %2 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.3614* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.3614*)) #6, !srcloc !4 %3 = inttoptr i64 %2 to %struct.cpu_hw_events.3614* %4 = getelementptr inbounds %struct.cpu_hw_events.3614, %struct.cpu_hw_events.3614* %3, i64 0, i32 1, i64 0 %5 = tail call i32 @__bitmap_weight(i64* %4, i32 64) #69 %6 = tail call i32 @x86_pmu_handle_irq(%struct.pt_regs* %0) #69 Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = 
getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 
(%struct.perf_event.97674*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.97674* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #6, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %20, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 %19 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.97674* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca 
%struct.perf_output_handle.97846, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.179, align 8 %6 = bitcast %struct.perf_output_handle.97846* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.179* %5 to i8* %9 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 58 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 33 %19 = load %struct.perf_event.97674*, %struct.perf_event.97674** %18, align 8 %20 = icmp eq %struct.perf_event.97674* %19, null %21 = select i1 %20, %struct.perf_event.97674* %0, %struct.perf_event.97674* %19 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %21, i64 0, i32 57 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.179, %struct.anon.179* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 57 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, 
align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, %struct.perf_event.98220*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.97846*, %struct.perf_event.97674*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, %struct.perf_event.97674* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.98222*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.97846*, i8*, i32)*)(%struct.perf_output_handle.97846* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.97674* %0, %struct.perf_output_handle.97846* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.98222*)* @perf_output_end to void (%struct.perf_output_handle.97846*)*)(%struct.perf_output_handle.97846* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 6, i32 0, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 7, i32 0, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = icmp sgt i64 %7, 1 br i1 %8, label %11, label %9 %10 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 30 br label %12 %13 = phi i64 [ %5, %9 ], [ %19, %18 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %14 = load %struct.perf_event_mmap_page*, 
%struct.perf_event_mmap_page** %10, align 8 %15 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %14, i64 0, i32 15 store volatile i64 %13, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store volatile i64 0, i64* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %16 = load volatile i64, i64* %4, align 8 %17 = icmp eq i64 %13, %16 br i1 %17, label %22, label %18, !prof !9, !misexpect !10 %23 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 2 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %3, i64 0, i32 9, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = icmp eq i64 %24, %26 br i1 %27, label %37, label %28 %29 = load %struct.ring_buffer.98206*, %struct.ring_buffer.98206** %2, align 8 %30 = getelementptr inbounds %struct.ring_buffer.98206, %struct.ring_buffer.98206* %29, i64 0, i32 5, i32 0 store volatile i32 1, i32* %30, align 4 %31 = getelementptr inbounds %struct.perf_output_handle.98222, %struct.perf_output_handle.98222* %0, i64 0, i32 0 %32 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %33 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %32, i64 0, i32 46 store i32 1, i32* %33, align 8 %34 = load %struct.perf_event.98220*, %struct.perf_event.98220** %31, align 8 %35 = getelementptr inbounds %struct.perf_event.98220, %struct.perf_event.98220* %34, i64 0, i32 49 %36 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %35) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6_ms ------------- Path:  Function:show_rc6_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load 
%struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 (%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278216) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 %22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, 
i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void (%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, 
%struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label 
%120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label 
%5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, 
%struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 
%31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; 
nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6pp_ms ------------- Path:  Function:show_rc6pp_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 
(%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278224) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 
%22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void 
(%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect 
!9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** 
%62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds 
%struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp 
sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 
%15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to 
%struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 
intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_rc6p_ms ------------- Path:  Function:show_rc6p_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 (%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278220) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 %22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, 
i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void (%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, 
%struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label 
%120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label 
%5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, 
%struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 
%31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; 
nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 intel_uncore_forcewake_put__locked 10 intel_rc6_residency_ns 11 show_media_rc6_ms ------------- Path:  Function:show_media_rc6_ms %4 = getelementptr inbounds %struct.device.356541, %struct.device.356541* %0, i64 0, i32 9 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.361496** %8 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %7, align 8 tail call void bitcast (void (%struct.drm_i915_private*)* @intel_runtime_pm_get to void (%struct.drm_i915_private.361496*)*)(%struct.drm_i915_private.361496* %8) #69 %9 = tail call i64 bitcast (i64 (%struct.drm_i915_private*, i32)* @intel_rc6_residency_ns to i64 
(%struct.drm_i915_private.361496*, i32)*)(%struct.drm_i915_private.361496* %8, i32 1278220) #69 Function:intel_rc6_residency_ns %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %4 = bitcast [5 x i8]* %3 to i40* %5 = load i40, i40* %4, align 1 %6 = and i40 %5, 33554432 %7 = icmp eq i40 %6, 0 br i1 %7, label %125, label %8 %9 = add i32 %1, -1278212 %10 = lshr i32 %9, 2 %11 = zext i32 %10 to i64 %12 = icmp ugt i32 %9, 15 %13 = load i1, i1* @intel_rc6_residency_ns.__warned, align 1 %14 = xor i1 %13, true %15 = and i1 %12, %14 br i1 %15, label %16, label %17, !prof !4, !misexpect !5 store i1 true, i1* @intel_rc6_residency_ns.__warned, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.33572, i64 0, i64 0), i8* getelementptr inbounds ([270 x i8], [270 x i8]* @.str.41.33758, i64 0, i64 0)) #69 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.7.33574, i64 0, i64 0), i32 9864, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 737) #6, !srcloc !7 br label %17 br i1 %12, label %125, label %18, !prof !4, !misexpect !5 %19 = tail call i32 @intel_uncore_forcewake_for_reg(%struct.drm_i915_private* %0, i32 %1, i32 1) #69 %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0, i32 0, i32 0 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %20) #69 tail call void @intel_uncore_forcewake_get__locked(%struct.drm_i915_private* %0, i32 %19) #69 
%22 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2359296 %25 = icmp eq i32 %24, 0 br i1 %25, label %75, label %26 %76 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %77 = load i16, i16* %76, align 2 %78 = and i16 %77, 256 %79 = icmp eq i16 %78, 0 br i1 %79, label %84, label %80 %81 = load i40, i40* %4, align 1 %82 = and i40 %81, 2 %83 = icmp eq i40 %82, 0 br i1 %83, label %84, label %85 %86 = phi i32 [ 1, %84 ], [ 12, %80 ] %87 = phi i64 [ 1280, %84 ], [ 10000, %80 ] %88 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %89 = load i8*, i8** %88, align 8 %90 = zext i32 %1 to i64 %91 = getelementptr i8, i8* %89, i64 %90 %92 = bitcast i8* %91 to i32* %93 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %92) #6, !srcloc !9 %94 = zext i32 %93 to i64 br label %95 %96 = phi i32 [ %28, %68 ], [ %86, %85 ] %97 = phi i64 [ 1000000, %68 ], [ %87, %85 ] %98 = phi i64 [ 1099511627776, %68 ], [ 4294967296, %85 ] %99 = phi i64 [ %74, %68 ], [ %94, %85 ] %100 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 2, i64 %11 %101 = load i64, i64* %100, align 8 store i64 %99, i64* %100, align 8 %102 = icmp ult i64 %99, %101 %103 = select i1 %102, i64 %98, i64 0 %104 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 101, i32 1, i32 3, i64 %11 %105 = load i64, i64* %104, align 8 %106 = sub i64 %99, %101 %107 = add i64 %106, %103 %108 = add i64 %107, %105 store i64 %108, i64* %104, align 8 tail call void @intel_uncore_forcewake_put__locked(%struct.drm_i915_private* %0, i32 %19) #69 Function:intel_uncore_forcewake_put__locked %3 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 4, i32 1 %4 = load void 
(%struct.drm_i915_private*, i32)*, void (%struct.drm_i915_private*, i32)** %3, align 8 %5 = icmp eq void (%struct.drm_i915_private*, i32)* %4, null br i1 %5, label %33, label %6 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 6 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %33, label %11 %12 = phi i32 [ %18, %29 ], [ %9, %6 ] %13 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %12, i32 -1) #4, !srcloc !4 %14 = zext i32 %13 to i64 %15 = shl nuw i64 1, %14 %16 = trunc i64 %15 to i32 %17 = xor i32 %16, -1 %18 = and i32 %12, %17 %19 = sext i32 %13 to i64 %20 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 %25 = add i32 %21, -1 store i32 %25, i32* %20, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 store i32 %21, i32* %20, align 8 %32 = getelementptr %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 12, i64 %19, i32 4 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %32, i64 1000000, i64 1000000, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect 
!9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** 
%62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds 
%struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp 
sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 
%15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to 
%struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 
do_timerfd_settime 10 __ia32_compat_sys_timerfd_settime ------------- Path:  Function:__ia32_compat_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.compat_itimerspec* %15 = inttoptr i64 %13 to %struct.compat_itimerspec* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_compat_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.compat_itimerspec* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, 
i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds 
%struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = 
getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void 
@hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 
@get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq 
i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq 
i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 
9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label 
%65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, 
i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, 
!prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 
= load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = 
phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* 
%0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = trunc i64 %23 to i32 %27 
= icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 3 %30 = load %struct.file_operations.39492*, %struct.file_operations.39492** %29, align 8 %31 = icmp eq %struct.file_operations.39492* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 
%85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 
%151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = 
icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 
= tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, 
label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br 
i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail 
call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail 
call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, 
label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 cpu_clock_event_add ------------- Path:  Function:cpu_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %28, label %5 %6 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = tail call i64 @sched_clock_cpu(i32 %6) #69 %8 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %10 = load i64, i64* %9, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %19, 
label %16 %20 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %21 = load i64, i64* %20, align 8 %22 = icmp ugt i64 %21, 10000 %23 = select i1 %22, i64 %21, i64 10000 br label %24 %25 = phi i64 [ %18, %16 ], [ %23, %19 ] %26 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %27 = bitcast %union.anon.76.209* %26 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %27, i64 %25, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds 
%struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, 
!srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = 
bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 
0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 
%51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, 
label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 cpu_clock_event_start ------------- Path:  Function:cpu_clock_event_start %3 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %4 = tail call i64 @sched_clock_cpu(i32 %3) #69 %5 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %4, i64* %5, align 8 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %25, label %9 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 
8 %12 = icmp eq i64 %11, 0 br i1 %12, label %16, label %13 %17 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %18 = load i64, i64* %17, align 8 %19 = icmp ugt i64 %18, 10000 %20 = select i1 %19, i64 %18, i64 10000 br label %21 %22 = phi i64 [ %15, %13 ], [ %20, %16 ] %23 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %24 = bitcast %union.anon.76.209* %23 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %24, i64 %22, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 
Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull 
@this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, 
align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = 
getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp 
sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 
%50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, 
label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm 
sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 task_clock_event_add ------------- Path:  Function:task_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %30, label %5 %6 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 27 %7 = load %struct.perf_event_context.97649*, %struct.perf_event_context.97649** %6, align 8 %8 = getelementptr inbounds %struct.perf_event_context.97649, %struct.perf_event_context.97649* %7, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.perf_event.97674, 
%struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %30, label %14 %15 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 10000 %25 = select i1 %24, i64 %23, i64 10000 br label %26 %27 = phi i64 [ %20, %18 ], [ %25, %21 ] %28 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %29 = bitcast %union.anon.76.209* %28 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %29, i64 %27, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load 
%struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label 
%10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, 
%131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label 
%12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 
%47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* 
%13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq 
$2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 task_clock_event_start ------------- Path:  Function:task_clock_event_start %3 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 27 %4 = load %struct.perf_event_context.97649*, %struct.perf_event_context.97649** %3, align 8 %5 = getelementptr inbounds %struct.perf_event_context.97649, %struct.perf_event_context.97649* %4, i64 0, i32 18 %6 = load i64, i64* %5, align 8 
%7 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %6, i64* %7, align 8 %8 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 22, i32 3, i32 0 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %27, label %11 %12 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 8, i32 0, i32 0, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %18, label %15 %19 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 6 %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 10000 %22 = select i1 %21, i64 %20, i64 10000 br label %23 %24 = phi i64 [ %17, %15 ], [ %22, %18 ] %25 = getelementptr inbounds %struct.perf_event.97674, %struct.perf_event.97674* %0, i64 0, i32 26, i32 0 %26 = bitcast %union.anon.76.209* %25 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %26, i64 %24, i64 0, i32 3) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label 
%65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, 
i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, 
!prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 
= load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = 
phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* 
%0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_compat_sys_nanosleep ------------- Path:  Function:__ia32_compat_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %8 to %struct.util_est* %10 = bitcast %struct.anon.48* %2 to i8* %11 = inttoptr i64 %5 to i8* %12 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* %11) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp eq i64 %8, 0 %24 = select i1 %23, i32 0, i32 2 %25 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1 %27 = bitcast %union.anon.25* %26 to %struct.anon.15* %28 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.util_est** store %struct.util_est* %9, %struct.util_est** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 
%6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0 %12 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() 
#69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, 
!prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 
zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, 
%struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 
= getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event 
%3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br 
i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to %struct.anon.48* %10 = inttoptr i64 %8 to %struct.anon.48* %11 = bitcast %struct.anon.48* %2 to i8* %12 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* %9) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds 
%struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp ne i64 %8, 0 %24 = zext i1 %23 to i32 %25 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1 %27 = bitcast %union.anon.25* %26 to %struct.anon.15* %28 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 46, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.anon.48** store %struct.anon.48* %10, %struct.anon.48** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = 
getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 
0, i32 0 %12 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() #69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* 
@__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** 
%134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void 
(%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to 
i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* 
%11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = 
and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* 
%3 to %struct.anon.48** %5 = load %struct.anon.48*, %struct.anon.48** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.48* %9 = bitcast %struct.anon.48* %2 to i8* %10 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp ne i64 %7, 0 %22 = zext i1 %21 to i32 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 46, i32 1 %25 = bitcast %union.anon.25* %24 to %struct.anon.15* %26 = getelementptr inbounds %struct.anon.15, %struct.anon.15* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %23, i64 0, i32 46, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.anon.48** store %struct.anon.48* %8, %struct.anon.48** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.48* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.73470, align 8 %5 = bitcast %struct.hrtimer_sleeper.73470* %4 to i8* %6 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, 
!srcloc !4 %7 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %6, i64 0, i32 150 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] %17 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %17, i32 %2, i32 %1) #69 %18 = getelementptr %struct.anon.48, %struct.anon.48* %0, i64 0, i32 0 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp sgt i64 %19, 9223372035 %23 = mul i64 %19, 1000000000 %24 = add i64 %23, %21 %25 = select i1 %22, i64 9223372036854775807, i64 %24, !prof !5 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = add i64 %25, %16 %28 = icmp slt i64 %27, 0 %29 = icmp slt i64 %27, %25 %30 = or i1 %28, %29 %31 = icmp slt i64 %27, %16 %32 = or i1 %31, %30 %33 = select i1 %32, i64 9223372036854775807, i64 %27 %34 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %4, i64 0, i32 0, i32 0, i32 1 store i64 %33, i64* %34, align 8 %35 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.73470* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.48, align 8 %5 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, 
i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 1 store %struct.task_struct.50485* %5, %struct.task_struct.50485** %7, align 8 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 1 %10 = bitcast i64* %3 to i8* %11 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0 %12 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 1 %13 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %0, i64 0, i32 0, i32 0, i32 1 %14 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %5, i64 0, i32 4 br label %15 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 %26 = load i32, i32* %14, align 4 %27 = or i32 %26, 1073741824 store i32 %27, i32* %14, align 4 tail call void @schedule() #69 %28 = load i32, i32* %14, align 4 %29 = and i32 %28, -1073741825 store i32 %29, i32* %14, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = tail call i32 @_cond_resched() #69 %31 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* 
@system_freezing_cnt, i64 0, i32 0), align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33, !prof !9, !misexpect !7 %34 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.39605*)* @freezing_slow_path to i1 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* %5) #69 br i1 %34, label %35, label %37, !prof !6, !misexpect !7 %36 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %37 %38 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %39 = icmp sgt i32 %38, -1 br i1 %39, label %43, label %40 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %11) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %40 %44 = load %struct.task_struct.50485*, %struct.task_struct.50485** %7, align 8 %45 = icmp eq %struct.task_struct.50485* %44, null br i1 %45, label %50, label %46 %47 = load volatile i64, i64* %8, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %15, label %50 %16 = phi i32 [ %1, %2 ], [ 0, %46 ] store volatile i64 1, i64* %3, align 8 %17 = load volatile i64, i64* %3, align 8 %18 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %17, i64* %9) #6, !srcloc !5 store volatile i64 %18, i64* %3, align 8 %19 = load volatile i64, i64* %3, align 8 %20 = load i64, i64* %12, align 8 %21 = load i64, i64* %13, align 8 %22 = sub i64 %21, %20 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %11, i64 %20, i64 %22, i32 %16) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, 
i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds 
%struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 
%56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store 
i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 
10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_compat_sys_mq_timedreceive ------------- Path:  Function:__ia32_compat_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to 
i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, 
%struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 
%89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = 
getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* %17, i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, 
align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = 
inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.48* %24 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, 
%struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 
%89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = 
getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* %17, i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, 
align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.48* %2 to i8* %17 = icmp eq i64 %14, 0 
br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.48* %20 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.48* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.48* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 
3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, 
i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.225134* %23, %struct.task_struct.225134** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 0 store %struct.task_struct.225134* %5, %struct.task_struct.225134** %6, align 8 %7 = zext i32 %1 to i64 %8 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 13, i64 %7, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %35, label %13 %14 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 15 %15 = load i32, i32* %14, align 4 br label %16 %17 = phi i8* [ %10, %13 ], [ %32, %30 ] %18 = getelementptr i8, i8* %17, i64 -8 %19 = bitcast i8* %18 to %struct.task_struct.225134** %20 = load %struct.task_struct.225134*, %struct.task_struct.225134** %19, align 8 %21 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %20, i64 0, i32 15 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, %15 br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %26 = getelementptr inbounds i8, i8* 
%17, i64 8 %27 = bitcast i8* %26 to %struct.list_head** %28 = load %struct.list_head*, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %27, align 8 %29 = bitcast %struct.list_head* %25 to i8** store i8* %17, i8** %29, align 8 br label %40 %41 = phi %struct.list_head* [ %28, %24 ], [ %38, %35 ] %42 = phi %struct.list_head* [ %25, %24 ], [ %36, %35 ] %43 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %41 to i64* store volatile i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %5, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* 
%47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and 
i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* 
%11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, 
%struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq 
%struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, 
i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 
= getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* 
@find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %19) #69 %21 = icmp eq %struct.task_struct.39605* %20, null br i1 %21, label %50, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %20, i1 zeroext %33) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label 
%9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* @find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.39605* %11, null br i1 %12, label %37, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (i32)* 
@find_get_task_by_vpid to %struct.task_struct.39605* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.39605* %11, null br i1 %12, label %37, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.39605* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %61, label %6 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %8 = load %struct.task_struct.39605*, %struct.task_struct.39605** %7, align 8 %9 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.39605* %8, %9 br i1 %10, label %11, label %61 %12 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %17, !prof !5, !misexpect !6 %16 = tail call i32 (i8*, ...) 
@printk(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.5127, i64 0, i64 0)) #70 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5117, i64 0, i64 0), i32 252, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 113) #6, !srcloc !8 br label %17 br i1 %1, label %61, label %18 %62 = phi i1 [ true, %2 ], [ true, %49 ], [ true, %6 ], [ true, %18 ], [ true, %53 ], [ true, %57 ], [ false, %45 ], [ false, %17 ] %63 = phi i32 [ -3, %2 ], [ -3, %49 ], [ -3, %6 ], [ -3, %18 ], [ -3, %53 ], [ -3, %57 ], [ 0, %45 ], [ 0, %17 ] %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %65 = or i1 %62, %1 %66 = select i1 %62, i32 %63, i32 0 br i1 %65, label %76, label %67 %68 = tail call i64 bitcast (i64 (%struct.task_struct.50485*, i64)* @wait_task_inactive to i64 (%struct.task_struct.39605*, i64)*)(%struct.task_struct.39605* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 
8 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %11 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 68 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label 
%45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 8 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = 
sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq 
%struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq 
i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 
%86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* 
@clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call 
i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_compat_sys_epoll_pwait ------------- Path:  Function:__ia32_compat_sys_epoll_pwait %2 = alloca %struct.cpumask, align 8 %3 = alloca %struct.cpumask, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to %struct.epoll_event* %20 = trunc i64 %10 to i32 %21 = trunc i64 %12 to i32 %22 = inttoptr i64 %15 to %struct.kernel_cap_struct* %23 = bitcast %struct.cpumask* %2 to i8* %24 = bitcast %struct.cpumask* %3 to i8* %25 = icmp eq i64 %15, 0 br i1 %25, label %26, label %29 %30 = trunc i64 %17 to i32 %31 = icmp eq i32 %30, 8 br i1 %31, label %32, label %55 %33 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* nonnull %22) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %55 %36 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %37 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %36, i64 0, i32 88, i32 0, i64 0 %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 %39 = load i64, i64* %37, align 16 store i64 %39, i64* %38, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %40 = call fastcc i32 @do_epoll_wait(i32 %18, %struct.epoll_event* %19, i32 %20, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds 
%struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, 
align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, 
%struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to 
i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 
Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr 
inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, 
i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq 
i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 
0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __se_sys_epoll_pwait 13 __ia32_sys_epoll_pwait ------------- Path:  Function:__ia32_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_epoll_pwait(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_epoll_pwait %7 = alloca %struct.cpumask, align 8 %8 = alloca %struct.cpumask, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.epoll_event* %11 = trunc i64 %2 to i32 %12 = trunc i64 %3 to i32 %13 = bitcast %struct.cpumask* %7 to i8* %14 = bitcast %struct.cpumask* %8 to i8* %15 = icmp eq i64 %4, 0 br i1 %15, label %16, label %18 %19 = icmp eq i64 %5, 8 br i1 %19, label %20, label %46 %21 = inttoptr i64 %4 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %21, i64 8) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %46 %25 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %26 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %25, i64 0, i32 88, i32 0, i64 0 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %28 = load i64, i64* %26, align 16 store i64 %28, i64* %27, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %7) #69 %29 = call fastcc i32 @do_epoll_wait(i32 %9, %struct.epoll_event* %10, i32 %11, i32 %12) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = 
extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to 
%struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* 
%5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = 
load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", 
"=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 
br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp 
eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __se_sys_epoll_pwait 13 __x64_sys_epoll_pwait ------------- Path:  Function:__x64_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_epoll_pwait(i64 
%3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_epoll_pwait %7 = alloca %struct.cpumask, align 8 %8 = alloca %struct.cpumask, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.epoll_event* %11 = trunc i64 %2 to i32 %12 = trunc i64 %3 to i32 %13 = bitcast %struct.cpumask* %7 to i8* %14 = bitcast %struct.cpumask* %8 to i8* %15 = icmp eq i64 %4, 0 br i1 %15, label %16, label %18 %19 = icmp eq i64 %5, 8 br i1 %19, label %20, label %46 %21 = inttoptr i64 %4 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %21, i64 8) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %46 %25 = call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10 %26 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %25, i64 0, i32 88, i32 0, i64 0 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %28 = load i64, i64* %26, align 16 store i64 %28, i64* %27, align 8 call void @set_current_blocked(%struct.cpumask* nonnull %7) #69 %29 = call fastcc i32 @do_epoll_wait(i32 %9, %struct.epoll_event* %10, i32 %11, i32 %12) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, 
%struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 
@select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = 
icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* 
%118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 
@schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = 
xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 
10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* 
%0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq 
%struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, 
i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 
= getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_wait ------------- Path:  Function:__ia32_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.epoll_event* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %12, i32 %13, i32 %14) #69 Function:do_epoll_wait %5 = alloca 
%struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void 
@ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 
to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, 
i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label %136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne 
%struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, 
%struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store 
%struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, 
%142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 
Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, 
%struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, 
%struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 
%9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_wait ------------- Path:  Function:__x64_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %6, i32 %12, i32 %13) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca i64, align 8 %11 = icmp slt i32 %2, 1 %12 = icmp ugt i32 %2, 178956970 %13 = or i1 %11, %12 br i1 %13, label %202, label %14 %15 = zext i32 %2 to i64 %16 = mul nuw nsw i64 %15, 12 %17 = tail call %struct.task_struct.137663* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137663** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.137663**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 161, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = ptrtoint %struct.epoll_event* %1 to i64 %21 = add i64 %16, %20 %22 = icmp ult i64 %21, %16 %23 = icmp ugt i64 %21, %19 %24 = or i1 %22, %23 br i1 %24, label %202, label %25, !prof !5, !misexpect !6 %26 = tail call i64 @__fdget(i32 %0) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.137712* %29 = icmp eq i64 %27, 0 br i1 %29, label %202, label %30 %31 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 3 %32 = load %struct.file_operations.137762*, %struct.file_operations.137762** %31, align 8 %33 = icmp eq %struct.file_operations.137762* %32, @eventpoll_fops br i1 %33, label %34, label %197 %35 = getelementptr inbounds %struct.file.137712, %struct.file.137712* %28, i64 0, i32 16 %36 = bitcast i8** %35 to %struct.eventpoll** %37 = load %struct.eventpoll*, %struct.eventpoll** %36, align 8 %38 = bitcast %struct.wait_queue_entry* %7 to i8* %39 = bitcast i64* %8 to i8* %40 = icmp sgt i32 %3, 0 br i1 %40, 
label %41, label %65 %42 = bitcast %struct.anon.48* %9 to i8* %43 = bitcast %struct.anon.48* %6 to i8* %44 = udiv i32 %3, 1000 %45 = zext i32 %44 to i64 %46 = urem i32 %3, 1000 %47 = mul nuw nsw i32 %46, 1000000 %48 = zext i32 %47 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %45, i64 %48) #69 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %55 = extractvalue { i64, i64 } %53, 0 store i64 %55, i64* %54, align 8 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %57 = extractvalue { i64, i64 } %53, 1 store i64 %57, i64* %56, align 8 %58 = call i64 @select_estimate_accuracy(%struct.anon.48* nonnull %9) #69 %59 = load i64, i64* %54, align 8 %60 = load i64, i64* %56, align 8 %61 = icmp sgt i64 %59, 9223372035 %62 = mul i64 %59, 1000000000 %63 = add i64 %62, %60 %64 = select i1 %61, i64 9223372036854775807, i64 %63, !prof !5 store i64 %64, i64* %8, align 8 br label %69 %70 = phi i64* [ %165, %186 ], [ %8, %41 ], [ null, %65 ] %71 = phi i64 [ %166, %186 ], [ %58, %41 ], [ 0, %65 ] %72 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 3 %73 = bitcast %struct.list_head* %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %77, label %90 %78 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %79 = load %struct.epitem*, %struct.epitem** %78, align 8 %80 = icmp eq %struct.epitem* %79, inttoptr (i64 -1 to %struct.epitem*) br i1 %80, label %81, label %90 %82 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %83 = 
load volatile i32, i32* %82, align 4 %84 = icmp ugt i32 %83, 64 br i1 %84, label %85, label %90 %86 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %90, label %88 %89 = bitcast %struct.eventpoll* %37 to i8* call void @napi_busy_loop(i32 %83, i1 (i8*, i64)* nonnull @ep_busy_loop_end, i8* %89) #69 br label %90 %91 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1 %92 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %91, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %92) #69 %93 = load volatile i64, i64* %73, align 8 %94 = inttoptr i64 %93 to %struct.list_head* %95 = icmp eq %struct.list_head* %72, %94 br i1 %95, label %96, label %164 %97 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 5 %98 = load %struct.epitem*, %struct.epitem** %97, align 8 %99 = icmp eq %struct.epitem* %98, inttoptr (i64 -1 to %struct.epitem*) br i1 %99, label %100, label %164 %101 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 10 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, 0 br i1 %103, label %105, label %104 store i32 0, i32* %101, align 8 br label %105 %106 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 %107 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %108 = bitcast i8** %107 to %struct.task_struct.137663** store %struct.task_struct.137663* %17, %struct.task_struct.137663** %108, align 8 %109 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* bitcast (i32 (%struct.wait_queue_entry.50604*, i32, i32, i8*)* @default_wake_function to i32 (%struct.wait_queue_entry*, i32, i32, i8*)*), i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %109, align 8 store i32 1, i32* %106, align 8 %110 = 
getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %111 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %37, i64 0, i32 1, i32 1 %112 = getelementptr inbounds %struct.list_head, %struct.list_head* %111, i64 0, i32 0 %113 = load %struct.list_head*, %struct.list_head** %112, align 8 %114 = getelementptr inbounds %struct.list_head, %struct.list_head* %113, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %114, align 8 %115 = getelementptr inbounds %struct.list_head, %struct.list_head* %110, i64 0, i32 0 store %struct.list_head* %113, %struct.list_head** %115, align 8 %116 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %111, %struct.list_head** %116, align 8 %117 = ptrtoint %struct.list_head* %110 to i64 %118 = bitcast %struct.list_head* %111 to i64* store volatile i64 %117, i64* %118, align 8 %119 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 91, i32 1, i32 0, i64 0 %120 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 1 %121 = getelementptr inbounds %struct.task_struct.137663, %struct.task_struct.137663* %17, i64 0, i32 0, i32 0 %122 = bitcast %struct.wait_queue_head* %91 to i8* %123 = bitcast i64* %10 to i8* br label %124 %125 = phi i32 [ 0, %105 ], [ %155, %152 ] store volatile i64 1, i64* %10, align 8 %126 = load volatile i64, i64* %10, align 8 %127 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %120, i64 %126, i64* %120) #6, !srcloc !7 store volatile i64 %127, i64* %10, align 8 %128 = load volatile i64, i64* %10, align 8 %129 = load volatile i64, i64* %121, align 8 %130 = and i64 %129, 4 %131 = icmp eq i64 %130, 0 br i1 %131, label %136, label %132 %133 = load i64, i64* %119, align 8 %134 = and i64 %133, 256 %135 = icmp eq i64 %134, 0 br i1 %135, label 
%136, label %156 %137 = load volatile i64, i64* %73, align 8 %138 = inttoptr i64 %137 to %struct.list_head* %139 = icmp eq %struct.list_head* %72, %138 br i1 %139, label %140, label %144 %141 = load %struct.epitem*, %struct.epitem** %97, align 8 %142 = icmp ne %struct.epitem* %141, inttoptr (i64 -1 to %struct.epitem*) %143 = zext i1 %142 to i32 br label %144 %145 = phi i32 [ 1, %136 ], [ %143, %140 ] %146 = or i32 %145, %125 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %156 %149 = load volatile i64, i64* %121, align 8 %150 = and i64 %149, 4 %151 = icmp eq i64 %150, 0 br i1 %151, label %152, label %156 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* %122, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %153 = call i32 @schedule_hrtimeout_range(i64* %70, i64 %71, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds 
%struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, 
%struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = 
getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds 
%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] 
%138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 
%1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to 
i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = 
zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll ------------- Path:  Function:__ia32_compat_sys_ppoll %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.cpumask, align 8 %5 = alloca %struct.cpumask, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = inttoptr i64 %10 to %struct.perf_event_header* %22 = trunc i64 %12 to i32 %23 = inttoptr i64 %18 to %struct.kernel_cap_struct* %24 = trunc i64 %20 to i32 %25 = bitcast %struct.cpumask* %4 to i8* %26 = bitcast %struct.cpumask* %5 to i8* %27 = bitcast %struct.anon.48* %6 to i8* %28 = bitcast %struct.anon.48* %7 to i8* %29 = icmp eq i64 %15, 0 br i1 %29, label %54, label %30 %31 = inttoptr i64 %15 to i8* %32 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %6, i8* nonnull %31) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %133 %35 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, -1 %40 = icmp ult i64 %38, 1000000000 %41 = and i1 %39, %40 br i1 %41, label %42, label %133 %43 = or i64 %38, %36 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %46 call void @ktime_get_ts64(%struct.anon.48* nonnull %7) #69 %47 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = call { i64, i64 } @timespec64_add_safe(i64 %48, i64 %50, i64 %36, i64 %38) #69 %52 = 
extractvalue { i64, i64 } %51, 0 %53 = extractvalue { i64, i64 } %51, 1 store i64 %52, i64* %47, align 8 store i64 %53, i64* %49, align 8 br label %54 %55 = phi %struct.anon.48* [ null, %1 ], [ %7, %46 ], [ %7, %45 ] %56 = icmp eq i64 %18, 0 br i1 %56, label %62, label %57 %58 = icmp eq i32 %24, 8 br i1 %58, label %59, label %133 %60 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %4, %struct.kernel_cap_struct* nonnull %23) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %66, label %133 %67 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %68 = load i64, i64* %67, align 8 %69 = and i64 %68, -262401 store i64 %69, i64* %67, align 8 %70 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %4, %struct.cpumask* nonnull %5) #69 %71 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %21, i32 %22, %struct.anon.48* %55) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 
%22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds 
%struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) 
#69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = 
phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = 
load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr 
inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, 
i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, 
i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect 
"add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = 
phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi 
i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 
%175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 
@clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label 
%36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __ia32_sys_ppoll ------------- Path:  Function:__ia32_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_ppoll(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.cpumask, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.anon.48, align 8 %12 = inttoptr i64 %0 to %struct.perf_event_header* %13 = trunc i64 %1 to i32 %14 = inttoptr i64 %2 to %struct.anon.48* %15 = bitcast %struct.cpumask* %8 to i8* %16 = bitcast %struct.cpumask* %9 to i8* %17 = bitcast %struct.anon.48* %10 to i8* %18 = bitcast %struct.anon.48* %11 to i8* %19 = icmp eq i64 %2, 0 br i1 %19, label %43, label %20 %21 = call i32 @get_timespec64(%struct.anon.48* nonnull %10, %struct.anon.48* nonnull %14) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %122 %24 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %122 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %11) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ null, %5 ], [ %11, %35 ], [ %11, %34 ] %45 = icmp eq i64 %3, 0 br i1 %45, label %52, label %46 %47 = icmp eq i64 %4, 8 br i1 %47, label %48, label %122 %49 = inttoptr i64 %3 to i8* %50 = call i64 
@_copy_from_user(i8* nonnull %15, i8* nonnull %49, i64 8) #69 %51 = icmp eq i64 %50, 0 br i1 %51, label %56, label %122 %57 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 %58 = load i64, i64* %57, align 8 %59 = and i64 %58, -262401 store i64 %59, i64* %57, align 8 %60 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %8, %struct.cpumask* nonnull %9) #69 %61 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %12, i32 %13, %struct.anon.48* %44) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi 
%struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 
= getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = 
getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi 
i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 
(%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, 
%struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 
%277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 
Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr 
inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, 
i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq 
i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 
0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __x64_sys_ppoll ------------- Path:  Function:__x64_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_ppoll(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 
= alloca %struct.cpumask, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.anon.48, align 8 %12 = inttoptr i64 %0 to %struct.perf_event_header* %13 = trunc i64 %1 to i32 %14 = inttoptr i64 %2 to %struct.anon.48* %15 = bitcast %struct.cpumask* %8 to i8* %16 = bitcast %struct.cpumask* %9 to i8* %17 = bitcast %struct.anon.48* %10 to i8* %18 = bitcast %struct.anon.48* %11 to i8* %19 = icmp eq i64 %2, 0 br i1 %19, label %43, label %20 %21 = call i32 @get_timespec64(%struct.anon.48* nonnull %10, %struct.anon.48* nonnull %14) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %122 %24 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %10, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %122 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %11) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ null, %5 ], [ %11, %35 ], [ %11, %34 ] %45 = icmp eq i64 %3, 0 br i1 %45, label %52, label %46 %47 = icmp eq i64 %4, 8 br i1 %47, label %48, label %122 %49 = inttoptr i64 %3 to i8* %50 = call i64 @_copy_from_user(i8* nonnull %15, i8* nonnull %49, i64 8) #69 %51 = icmp eq i64 %50, 0 br i1 %51, label %56, label %122 %57 = getelementptr inbounds %struct.cpumask, 
%struct.cpumask* %8, i64 0, i32 0, i64 0 %58 = load i64, i64* %57, align 8 %59 = and i64 %58, -262401 store i64 %59, i64* %57, align 8 %60 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %8, %struct.cpumask* nonnull %9) #69 %61 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %12, i32 %13, %struct.anon.48* %44) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* 
%32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt 
i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, 
%221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull 
%182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, 
label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, 
i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 
= and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* 
%50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp 
sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, 
label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label 
%25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = 
icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.48* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 
= udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.48* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.48* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load 
volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = 
getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull 
%4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 
], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* 
%182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, %struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] 
%225 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] 
store volatile i64 1, i64* %6, align 8 %274 = load volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 
(%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 
%8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 
[ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 
9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] 
%175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 
@clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label 
%36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.48* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 
%14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.48* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.48* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.48* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.48, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 86 %19 = load %struct.signal_struct.125836*, %struct.signal_struct.125836** %18, align 64 %20 = getelementptr %struct.signal_struct.125836, %struct.signal_struct.125836* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %325, 
label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %49, %51 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %58, %51 ], [ %12, %23 ] %30 = phi i32 [ %54, %51 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %61, %51 ], [ %15, %23 ] %32 = phi i32* [ %60, %51 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %36 = bitcast %struct.perf_event_header* %35 to i8* %37 = sub i64 0, %28 %38 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %37 %39 = bitcast %struct.perf_event_header* %38 to i8* %40 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %41 = load i32, i32* %40, align 8 %42 = sext i32 %41 to i64 %43 = shl nsw i64 %42, 3 %44 = call i64 @_copy_from_user(i8* %36, i8* %39, i64 %43) #69 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %315 %47 = load i32, i32* %40, align 8 %48 = sext i32 %47 to i64 %49 = sub i64 %28, %48 %50 = icmp eq i64 %49, 0 br i1 %50, label %64, label %51 %65 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 
store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %69, align 4 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %73 = bitcast i64* %7 to i8* %74 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %75 = icmp eq i32 %74, 0 %76 = select i1 %75, i32 0, i32 32768 %77 = icmp eq %struct.anon.48* %2, null br i1 %77, label %134, label %78 %79 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %80 = load i64, i64* %79, align 8 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %87 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %87 %88 = bitcast %struct.anon.48* %5 to i8* %89 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 15 %90 = load i32, i32* %89, align 4 %91 = icmp sgt i32 %90, 99 br i1 %91, label %92, label %132 call void @ktime_get_ts64(%struct.anon.48* nonnull %5) #69 %93 = load i64, i64* %79, align 8 %94 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %95 = load i64, i64* %94, align 8 %96 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 0 %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %5, i64 0, i32 1 %99 = load i64, i64* %98, align 8 %100 = bitcast %struct.anon.48* %4 to i8* %101 = sub i64 %93, %97 %102 = sub i64 %95, %99 call void @set_normalized_timespec64(%struct.anon.48* nonnull %4, i64 %101, i64 %102) #69 %103 = getelementptr inbounds %struct.anon.48, 
%struct.anon.48* %4, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %106 = load i64, i64* %105, align 8 store i64 %104, i64* %96, align 8 store i64 %106, i64* %98, align 8 %107 = icmp slt i64 %104, 0 br i1 %107, label %126, label %108 %109 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 16 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, -120 %112 = icmp sgt i32 %111, 0 %113 = select i1 %112, i64 200, i64 1000 %114 = trunc i64 %113 to i32 %115 = udiv i32 1000000000, %114 %116 = udiv i32 100000000, %115 %117 = zext i32 %116 to i64 %118 = icmp sgt i64 %104, %117 br i1 %118, label %126, label %119 %120 = zext i32 %115 to i64 %121 = sdiv i64 %106, %113 %122 = mul i64 %104, %120 %123 = add i64 %121, %122 %124 = icmp slt i64 %123, 100000000 %125 = select i1 %124, i64 %123, i64 100000000 br label %126 %127 = phi i64 [ 0, %92 ], [ 100000000, %108 ], [ %125, %119 ] %128 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 150 %129 = load i64, i64* %128, align 8 %130 = icmp ult i64 %127, %129 %131 = select i1 %130, i64 %129, i64 %127 br label %132 %133 = phi i64 [ 0, %87 ], [ %131, %126 ] br label %134 %135 = phi i32 [ 0, %132 ], [ 1, %86 ], [ 0, %64 ] %136 = phi i64 [ %133, %132 ], [ 0, %86 ], [ 0, %64 ] %137 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %138 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %139 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %140 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %141 = bitcast i64* %6 to i8* br label %142 %143 = phi i32 [ 0, %248 ], [ %135, %134 ] %144 = phi i32 [ %238, %248 ], [ 0, %134 ] %145 = phi i32 [ %224, %248 ], [ %76, %134 ] %146 = phi i64 [ %251, %248 ], [ 0, %134 ] %147 = phi 
i64* [ %153, %248 ], [ null, %134 ] %148 = icmp eq i64 %146, 0 br label %149 %150 = phi i32 [ %143, %142 ], [ %282, %281 ] %151 = phi i32 [ %144, %142 ], [ %238, %281 ] %152 = phi i32 [ %145, %142 ], [ 0, %281 ] %153 = phi i64* [ %147, %142 ], [ %273, %281 ] br label %154 %155 = phi i32 [ 0, %255 ], [ %150, %149 ] %156 = phi i32 [ %238, %255 ], [ %151, %149 ] %157 = phi i32 [ %224, %255 ], [ %152, %149 ] br label %158 %159 = phi %struct.poll_list* [ %226, %221 ], [ %12, %154 ] %160 = phi i32 [ %224, %221 ], [ %157, %154 ] %161 = phi i32 [ %223, %221 ], [ %156, %154 ] %162 = phi i8 [ %222, %221 ], [ 0, %154 ] %163 = phi i32* [ %227, %221 ], [ %14, %154 ] %164 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 0 %165 = load i32, i32* %163, align 8 %166 = sext i32 %165 to i64 %167 = getelementptr %struct.poll_list, %struct.poll_list* %159, i64 0, i32 2, i64 %166 %168 = icmp eq %struct.perf_event_header* %164, %167 br i1 %168, label %221, label %169 %170 = phi %struct.perf_event_header* [ %219, %215 ], [ %164, %158 ] %171 = phi i32 [ %218, %215 ], [ %160, %158 ] %172 = phi i32 [ %217, %215 ], [ %161, %158 ] %173 = phi i8 [ %216, %215 ], [ %162, %158 ] %174 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 0 %175 = load i32, i32* %174, align 4 %176 = icmp slt i32 %175, 0 br i1 %176, label %177, label %179 %180 = call i64 @__fdget(i32 %175) #69 %181 = and i64 %180, -4 %182 = inttoptr i64 %181 to %struct.file.125374* %183 = icmp eq i64 %181, 0 br i1 %183, label %184, label %186 %187 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 1 %188 = load i16, i16* %187, align 4 %189 = and i16 %188, 10215 %190 = or i16 %189, 24 %191 = zext i16 %190 to i32 %192 = or i32 %171, %191 store i32 %192, i32* %66, align 8 %193 = getelementptr inbounds %struct.file.125374, %struct.file.125374* %182, i64 0, i32 3 %194 = load %struct.file_operations.125339*, 
%struct.file_operations.125339** %193, align 8 %195 = getelementptr inbounds %struct.file_operations.125339, %struct.file_operations.125339* %194, i64 0, i32 8 %196 = load i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)*, i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)** %195, align 8 %197 = icmp eq i32 (%struct.file.125374*, %struct.poll_table_struct.125309*)* %196, null br i1 %197, label %200, label %198, !prof !5, !misexpect !6 %199 = call i32 %196(%struct.file.125374* nonnull %182, %struct.poll_table_struct.125309* nonnull %72) #69 br label %200 %201 = phi i32 [ %199, %198 ], [ 325, %186 ] %202 = and i32 %201, %171 %203 = icmp eq i32 %202, 0 %204 = select i1 %203, i8 %173, i8 1 %205 = and i32 %201, %191 %206 = and i64 %180, 1 %207 = icmp eq i64 %206, 0 br i1 %207, label %209, label %208 call void bitcast (void (%struct.file.121581*)* @fput to void (%struct.file.125374*)*)(%struct.file.125374* nonnull %182) #69 br label %209 %210 = trunc i32 %205 to i16 %211 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %170, i64 0, i32 2 store i16 %210, i16* %211, align 2 %212 = icmp eq i32 %205, 0 br i1 %212, label %215, label %213 %214 = add i32 %172, 1 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 br label %215 %216 = phi i8 [ %204, %209 ], [ 0, %213 ], [ %173, %177 ] %217 = phi i32 [ %172, %209 ], [ %214, %213 ], [ %172, %177 ] %218 = phi i32 [ %171, %209 ], [ 0, %213 ], [ %171, %177 ] %219 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %170, i64 1 %220 = icmp eq %struct.perf_event_header* %219, %167 br i1 %220, label %221, label %169 %222 = phi i8 [ %162, %158 ], [ %216, %215 ] %223 = phi i32 [ %161, %158 ], [ %217, %215 ] %224 = phi i32 [ %160, %158 ], [ %218, %215 ] %225 = getelementptr inbounds %struct.poll_list, 
%struct.poll_list* %159, i64 0, i32 0 %226 = load %struct.poll_list*, %struct.poll_list** %225, align 8 %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %226, i64 0, i32 1 %228 = icmp eq %struct.poll_list* %226, null br i1 %228, label %229, label %158 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %65, align 8 %230 = icmp eq i32 %223, 0 br i1 %230, label %231, label %237 %232 = load i32, i32* %69, align 4 %233 = load volatile i64, i64* %139, align 8 %234 = and i64 %233, 4 %235 = icmp eq i64 %234, 0 %236 = select i1 %235, i32 %232, i32 -4 br label %237 %238 = phi i32 [ %223, %229 ], [ %236, %231 ] %239 = or i32 %238, %155 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %288 %242 = icmp eq i8 %222, 0 br i1 %242, label %262, label %243 %244 = load volatile i64, i64* %139, align 8 %245 = and i64 %244, 8 %246 = icmp eq i64 %245, 0 br i1 %246, label %247, label %262 br i1 %148, label %248, label %252 %253 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %254 = icmp eq i32 %253, 0 br i1 %254, label %262, label %255 %256 = zext i32 %253 to i64 %257 = add nuw nsw i64 %146, %256 %258 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %259 = call i64 @sched_clock_cpu(i32 %258) #69 %260 = lshr i64 %259, 10 %261 = icmp ult i64 %257, %260 br i1 %261, label %262, label %154 %263 = icmp ne i64* %153, null %264 = or i1 %77, %263 br i1 %264, label %272, label %265 %266 = load i64, i64* %137, align 8 %267 = load i64, i64* %138, align 8 %268 = icmp sgt i64 %266, 9223372035 %269 = mul i64 %266, 1000000000 %270 = add i64 %269, %267 %271 = select i1 %268, i64 9223372036854775807, i64 %270, !prof !5 store i64 %271, i64* %7, align 8 br label %272 %273 = phi i64* [ %153, %262 ], [ %7, %265 ] store volatile i64 1, i64* %6, align 8 %274 = load 
volatile i64, i64* %6, align 8 %275 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %140, i64 %274, i64* %140) #6, !srcloc !8 store volatile i64 %275, i64* %6, align 8 %276 = load volatile i64, i64* %6, align 8 %277 = load i32, i32* %68, align 8 %278 = icmp eq i32 %277, 0 br i1 %278, label %283, label %279 %284 = call i32 @schedule_hrtimeout_range(i64* %273, i64 %136, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** 
%28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], 
[ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ 
%73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label 
%178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 
Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69
-------------
Use: =BAD PATH=
Call Stack:
0 irq_work_queue
1 vprintk_deferred
2 printk_deferred
3 clockevents_program_min_delta
4 clockevents_program_event
5 tick_program_event
6 remove_hrtimer
7 __hrtimer_start_range_ns
8 hrtimer_start_range_ns
9 schedule_hrtimeout_range_clock
10 schedule_hrtimeout_range
11 do_select
12 compat_core_sys_select
13 __ia32_compat_sys_pselect6
-------------
Path:
Function:__ia32_compat_sys_pselect6 %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.cpumask, align 8 %5 = alloca %struct.cpumask, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %17 = load i64, 
i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = and i64 %23, 4294967295 %25 = trunc i64 %9 to i32 %26 = inttoptr i64 %12 to i32* %27 = inttoptr i64 %15 to i32* %28 = inttoptr i64 %18 to i32* %29 = inttoptr i64 %24 to i8* %30 = icmp eq i64 %24, 0 br i1 %30, label %51, label %31 %32 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %33 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %32, i64 0, i32 161, i32 17, i32 0 %34 = load i64, i64* %33, align 8 %35 = add i64 %34, -8 %36 = icmp ult i64 %35, %24 br i1 %36, label %165, label %37, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f 
- .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %38 = inttoptr i64 %24 to %struct.__large_struct* %39 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %38, i32 -14, i32 0) #6, !srcloc !9 %40 = extractvalue { i32, i64 } %39, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %165, !prof !11, !misexpect !12 %43 = extractvalue { i32, i64 } %39, 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < 
(6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %44 = getelementptr i8, i8* %29, i64 4 %45 = bitcast i8* %44 to %struct.__large_struct* %46 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45, i32 -14, i32 0) #6, !srcloc !14 %47 = extractvalue { i32, i64 } %46, 1 %48 = extractvalue { i32, i64 } %46, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %49 = trunc i64 %47 to i32 %50 = icmp eq i32 %48, 0 br i1 %50, label %51, label %165, !prof !11, !misexpect !12 %52 = phi i64 [ %43, %42 ], [ 0, %1 ] %53 = phi i32 [ %49, %42 ], [ 0, %1 ] %54 = and i64 %52, 4294967295 %55 = inttoptr i64 %54 to %struct.kernel_cap_struct* %56 = bitcast %struct.cpumask* %4 to i8* %57 
= bitcast %struct.cpumask* %5 to i8* %58 = bitcast %struct.anon.48* %6 to i8* %59 = bitcast %struct.anon.48* %7 to i8* %60 = icmp eq i64 %21, 0 br i1 %60, label %85, label %61 %62 = inttoptr i64 %21 to i8* %63 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %6, i8* nonnull %62) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %163 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %69 = load i64, i64* %68, align 8 %70 = icmp sgt i64 %67, -1 %71 = icmp ult i64 %69, 1000000000 %72 = and i1 %70, %71 br i1 %72, label %73, label %163 %74 = or i64 %69, %67 %75 = icmp eq i64 %74, 0 br i1 %75, label %76, label %77 call void @ktime_get_ts64(%struct.anon.48* nonnull %7) #69 %78 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %81 = load i64, i64* %80, align 8 %82 = call { i64, i64 } @timespec64_add_safe(i64 %79, i64 %81, i64 %67, i64 %69) #69 %83 = extractvalue { i64, i64 } %82, 0 %84 = extractvalue { i64, i64 } %82, 1 store i64 %83, i64* %78, align 8 store i64 %84, i64* %80, align 8 br label %85 %86 = phi %struct.anon.48* [ null, %51 ], [ %7, %77 ], [ %7, %76 ] %87 = icmp eq i64 %54, 0 br i1 %87, label %98, label %88 %89 = icmp eq i32 %53, 8 br i1 %89, label %90, label %163 %91 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %4, %struct.kernel_cap_struct* nonnull %55) #69 %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %163 %94 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %95 = load i64, i64* %94, align 8 %96 = and i64 %95, -262401 store i64 %96, i64* %94, align 8 %97 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %4, %struct.cpumask* nonnull %5) #69 br label %98 %99 = call fastcc i32 @compat_core_sys_select(i32 %25, 
i32* %26, i32* %27, i32* %28, %struct.anon.48* %86) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 
@do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 
%62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store 
%struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* 
br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ 
%337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca 
%struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, 
!prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 
zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, 
%struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 
= getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event 
%3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br 
i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #69 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, 
align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.anon.48* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 = and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.anon.48* nonnull %2) #69 %56 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #69 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* 
%58, align 8 br label %63 %64 = phi %struct.anon.48* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.anon.48* %64) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 
= bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load 
i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load 
i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 
store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 
= getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 
= call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, 
i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 
= and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* 
%50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp 
sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, 
label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label 
%25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = 
icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.anon.48, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 
8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.anon.48* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.anon.48* nonnull %2) #69 %48 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi %struct.anon.48* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.anon.48* %56) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 6291648) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 
= bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast 
%struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, 
-1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null 
br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 
= phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ 
%341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void 
@hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 
13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 
.quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 
store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, 
!misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 
%38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 
__hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __ia32_sys_pselect6 ------------- Path:  Function:__ia32_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_pselect6(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.cpumask, align 8 %11 = alloca %struct.anon.48, align 8 %12 = alloca %struct.anon.48, align 8 %13 = trunc i64 %0 to i32 %14 = inttoptr i64 %1 to %struct.tcp_mib* %15 = inttoptr i64 %2 to %struct.tcp_mib* %16 = inttoptr i64 %3 to %struct.tcp_mib* %17 = inttoptr i64 %4 to %struct.anon.48* %18 = inttoptr i64 %5 to i8* %19 = icmp eq i64 %5, 0 br i1 %19, label %40, label %20 %21 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %22 = getelementptr inbounds 
%struct.task_struct.125877, %struct.task_struct.125877* %21, i64 0, i32 161, i32 17, i32 0 %23 = load i64, i64* %22, align 8 %24 = add i64 %23, -16 %25 = icmp ult i64 %24, %5 br i1 %25, label %151, label %26, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %27 = inttoptr i64 %5 to %struct.__large_struct* %28 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %27, i32 -14, i32 0) #6, !srcloc !9 %29 = extractvalue { i32, i64 } %28, 0 tail call void asm sideeffect 
"661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %151, !prof !11, !misexpect !12 %32 = extractvalue { i32, i64 } %28, 1 %33 = inttoptr i64 %32 to %struct.cpumask* tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %34 = getelementptr i8, i8* %18, i64 8 %35 = bitcast i8* %34 to %struct.__large_struct* %36 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq 
$2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %35, i32 -14, i32 0) #6, !srcloc !14 %37 = extractvalue { i32, i64 } %36, 1 %38 = extractvalue { i32, i64 } %36, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %151, !prof !11, !misexpect !12 %41 = phi %struct.cpumask* [ %33, %31 ], [ null, %6 ] %42 = phi i64 [ %37, %31 ], [ 0, %6 ] %43 = bitcast %struct.cpumask* %9 to i8* %44 = bitcast %struct.cpumask* %10 to i8* %45 = bitcast %struct.anon.48* %11 to i8* %46 = bitcast %struct.anon.48* %12 to i8* %47 = icmp eq i64 %4, 0 br i1 %47, label %71, label %48 %49 = call i32 @get_timespec64(%struct.anon.48* nonnull %11, %struct.anon.48* nonnull %17) #69 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %149 %52 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %55 = load i64, i64* %54, align 8 %56 = icmp sgt i64 %53, -1 %57 = icmp ult i64 %55, 1000000000 %58 = and i1 %56, %57 br i1 %58, label %59, label %149 %60 = or i64 %55, %53 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %63 call void @ktime_get_ts64(%struct.anon.48* nonnull %12) #69 %64 = getelementptr inbounds %struct.anon.48, %struct.anon.48* 
%12, i64 0, i32 0 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 1 %67 = load i64, i64* %66, align 8 %68 = call { i64, i64 } @timespec64_add_safe(i64 %65, i64 %67, i64 %53, i64 %55) #69 %69 = extractvalue { i64, i64 } %68, 0 %70 = extractvalue { i64, i64 } %68, 1 store i64 %69, i64* %64, align 8 store i64 %70, i64* %66, align 8 br label %71 %72 = phi %struct.anon.48* [ null, %40 ], [ %12, %63 ], [ %12, %62 ] %73 = icmp eq %struct.cpumask* %41, null br i1 %73, label %85, label %74 %75 = icmp eq i64 %42, 8 br i1 %75, label %76, label %149 %77 = bitcast %struct.cpumask* %41 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %43, i8* nonnull %77, i64 8) #69 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %149 %81 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %9, i64 0, i32 0, i64 0 %82 = load i64, i64* %81, align 8 %83 = and i64 %82, -262401 store i64 %83, i64* %81, align 8 %84 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %9, %struct.cpumask* nonnull %10) #69 br label %85 %86 = call i32 @core_sys_select(i32 %13, %struct.tcp_mib* %14, %struct.tcp_mib* %15, %struct.tcp_mib* %16, %struct.anon.48* %72) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds 
%struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store 
i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = 
load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* 
@__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, 
i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, 
i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, 
label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, 
%struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq 
%struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast 
%struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* 
%145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 
%54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = 
icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __x64_sys_pselect6 ------------- Path:  Function:__x64_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* 
%12, align 8 %14 = tail call fastcc i64 @__se_sys_pselect6(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.48, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.cpumask, align 8 %11 = alloca %struct.anon.48, align 8 %12 = alloca %struct.anon.48, align 8 %13 = trunc i64 %0 to i32 %14 = inttoptr i64 %1 to %struct.tcp_mib* %15 = inttoptr i64 %2 to %struct.tcp_mib* %16 = inttoptr i64 %3 to %struct.tcp_mib* %17 = inttoptr i64 %4 to %struct.anon.48* %18 = inttoptr i64 %5 to i8* %19 = icmp eq i64 %5, 0 br i1 %19, label %40, label %20 %21 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %21, i64 0, i32 161, i32 17, i32 0 %23 = load i64, i64* %22, align 8 %24 = add i64 %23, -16 %25 = icmp ult i64 %24, %5 br i1 %25, label %151, label %26, !prof !5, !misexpect !6 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 
3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %27 = inttoptr i64 %5 to %struct.__large_struct* %28 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %27, i32 -14, i32 0) #6, !srcloc !9 %29 = extractvalue { i32, i64 } %28, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %151, !prof !11, !misexpect !12 %32 = extractvalue { i32, i64 } %28, 1 %33 = inttoptr i64 %32 to %struct.cpumask* tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail 
call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %34 = getelementptr i8, i8* %18, i64 8 %35 = bitcast i8* %34 to %struct.__large_struct* %36 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %35, i32 -14, i32 0) #6, !srcloc !14 %37 = extractvalue { i32, i64 } %36, 1 %38 = extractvalue { i32, i64 } %36, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %151, !prof !11, !misexpect !12 %41 = phi %struct.cpumask* [ %33, %31 ], [ null, %6 ] %42 = phi i64 [ %37, %31 ], [ 0, %6 ] %43 = bitcast 
%struct.cpumask* %9 to i8* %44 = bitcast %struct.cpumask* %10 to i8* %45 = bitcast %struct.anon.48* %11 to i8* %46 = bitcast %struct.anon.48* %12 to i8* %47 = icmp eq i64 %4, 0 br i1 %47, label %71, label %48 %49 = call i32 @get_timespec64(%struct.anon.48* nonnull %11, %struct.anon.48* nonnull %17) #69 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %149 %52 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %11, i64 0, i32 1 %55 = load i64, i64* %54, align 8 %56 = icmp sgt i64 %53, -1 %57 = icmp ult i64 %55, 1000000000 %58 = and i1 %56, %57 br i1 %58, label %59, label %149 %60 = or i64 %55, %53 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %63 call void @ktime_get_ts64(%struct.anon.48* nonnull %12) #69 %64 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 0 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %12, i64 0, i32 1 %67 = load i64, i64* %66, align 8 %68 = call { i64, i64 } @timespec64_add_safe(i64 %65, i64 %67, i64 %53, i64 %55) #69 %69 = extractvalue { i64, i64 } %68, 0 %70 = extractvalue { i64, i64 } %68, 1 store i64 %69, i64* %64, align 8 store i64 %70, i64* %66, align 8 br label %71 %72 = phi %struct.anon.48* [ null, %40 ], [ %12, %63 ], [ %12, %62 ] %73 = icmp eq %struct.cpumask* %41, null br i1 %73, label %85, label %74 %75 = icmp eq i64 %42, 8 br i1 %75, label %76, label %149 %77 = bitcast %struct.cpumask* %41 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %43, i8* nonnull %77, i64 8) #69 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %149 %81 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %9, i64 0, i32 0, i64 0 %82 = load i64, i64* %81, align 8 %83 = and i64 %82, -262401 store i64 %83, i64* %81, align 8 %84 = call i32 @sigprocmask(i32 2, %struct.cpumask* nonnull %9, %struct.cpumask* nonnull %10) #69 br label %85 %86 = call 
i32 @core_sys_select(i32 %13, %struct.tcp_mib* %14, %struct.tcp_mib* %15, %struct.tcp_mib* %16, %struct.anon.48* %72) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast 
i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = 
bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add 
i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* 
%2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, 
%403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, 
%195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 
call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, 
i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 
%62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 
%128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof 
!5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 
5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 
__hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_select %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.anon.48, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, 
%29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.48* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, 
label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] 
%54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store 
%struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* 
%1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, 
%53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 
%398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void 
@hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load 
%struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 
%49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 
%88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 
= or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = 
getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_select %6 = alloca %struct.anon.48, align 8 %7 = alloca 
%struct.anon.48, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.48* %6 to i8* %13 = bitcast %struct.anon.48* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.48* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.48* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.48* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %113, label %11 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.125877* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %12, i64 0, i32 84 %14 = load %struct.files_struct.125808*, %struct.files_struct.125808** %13, align 16 %15 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.125807** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.125807* %19 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 6291648, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %113, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %59, label %56 %57 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %60, label %109 %61 = bitcast %struct.tcp_mib* %2 to i8* %62 = icmp eq %struct.tcp_mib* %2, null br i1 %62, label %66, label %63 %64 = call i64 @_copy_from_user(i8* %35, i8* nonnull %61, i64 %26) #69 %65 = icmp eq i64 %64, 0 br i1 %65, label %67, label %109 %68 = bitcast %struct.tcp_mib* %3 to i8* %69 = icmp eq %struct.tcp_mib* %3, null br i1 %69, label %73, label %70 %71 = call i64 @_copy_from_user(i8* %39, i8* nonnull %68, i64 %26) #69 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %109 %75 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.48* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.48, align 8 %6 = alloca %struct.anon.48, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.125877* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125877** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125877**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 84 %19 = load %struct.files_struct.125808*, %struct.files_struct.125808** %18, align 16 %20 = getelementptr inbounds %struct.files_struct.125808, %struct.files_struct.125808* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.125807** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.125807* %24 = getelementptr inbounds %struct.fdtable.125807, %struct.fdtable.125807* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 
%83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* @__pollwait, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.125877* %17, %struct.task_struct.125877** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.48* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label 
%122, label %123 store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.125877, %struct.task_struct.125877* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, 
align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)* null, void (%struct.file.125374*, %struct.wait_queue_head*, %struct.poll_table_struct.125309*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br 
i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.73470, align 8 %6 = bitcast %struct.hrtimer_sleeper.73470* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0 call void @hrtimer_init(%struct.hrtimer* nonnull %16, i32 %3, i32 %2) #69 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 
%19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 0, i32 2 store i32 (%struct.hrtimer*)* @hrtimer_wakeup, i32 (%struct.hrtimer*)** %28, align 8 %29 = getelementptr inbounds %struct.hrtimer_sleeper.73470, %struct.hrtimer_sleeper.73470* %5, i64 0, i32 1 store %struct.task_struct.50485* %27, %struct.task_struct.50485** %29, align 8 %30 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %30, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 br label %16 %17 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %18 = icmp eq %struct.hrtimer_clock_base* %17, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %18, label %29, label %19, !prof !8, !misexpect !9 %20 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %17, i64 0, i32 0 %21 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %20, align 64 %22 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %21, i64 0, i32 0 %23 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %25 = icmp eq %struct.hrtimer_clock_base* %17, %24 br i1 %25, label %30, label %26, !prof !4, !misexpect !9 %31 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %17) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), 
i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 
%67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 
9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void 
(%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds 
%struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* 
%11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69
-------------
Use: =BAD PATH=
Call Stack:
0 irq_work_queue
1 vprintk_deferred
2 printk_deferred
3 clockevents_program_min_delta
4 clockevents_program_event
5 tick_program_event
6 remove_hrtimer
7 hrtimer_try_to_cancel
8 dl_change_utilization
9 sched_dl_overflow
10 __sched_setscheduler
11 __se_sys_sched_setattr
12 __ia32_sys_sched_setattr
-------------
Path:
Function:__ia32_sys_sched_setattr
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 =
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, label %14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 %32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 %37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, 
label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 %61 = extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 br label %93 %94 = phi %struct.task_struct.50485* [ %92, %91 ], [ %15, %89 ] %95 = icmp eq 
%struct.task_struct.50485* %94, null br i1 %95, label %99, label %96 %97 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %94, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = 
and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq 
%struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], 
[64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, 
%41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 
= add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, 
%struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 
@remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 
%53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, 
label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 
@tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 
@ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label 
%56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.sched_attr* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %4 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %5, 0 %11 = or i1 %10, %9 %12 = icmp ne i32 %7, 0 %13 = or i1 %11, %12 br i1 %13, label %101, 
label %14 %15 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %15, i64 0, i32 161, i32 17, i32 0 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, -48 %19 = icmp ult i64 %18, %1 br i1 %19, label %75, label %20, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %6, i64 0, i32 0 %23 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %21) #6, !srcloc !7 %24 = extractvalue { i32*, i64, i64 } %23, 0 %25 = extractvalue { i32*, i64, i64 } %23, 1 %26 = extractvalue { i32*, i64, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = trunc i64 %27 to i32 %29 = trunc i64 %25 to i32 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %75 %32 = and i64 %25, 4294967295 %33 = icmp ugt i64 %32, 4096 br i1 %33, label %70, label %34 %35 = icmp eq i32 %29, 0 %36 = select i1 %35, i32 48, i32 %29 %37 = icmp ult i32 %36, 48 br i1 %37, label %70, label %38 %39 = icmp eq i32 %36, 48 br i1 %39, label %40, label %42 %43 = zext i32 %36 to i64 %44 = inttoptr i64 %1 to i8* %45 = getelementptr %struct.sched_attr, %struct.sched_attr* %6, i64 1 %46 = bitcast %struct.sched_attr* %45 to i8* %47 = getelementptr i8, i8* %44, i64 %43 %48 = icmp ugt i8* %47, %46 br i1 %48, label %51, label %65 %52 = phi i8* [ %64, %49 ], [ %46, %42 ] %54 = tail call { i8*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %52, i64 1, i64 %53) #6, !srcloc !8 %55 = extractvalue { i8*, i64, i64 } %54, 0 %56 = extractvalue { i8*, i64, i64 } %54, 2 %57 = ptrtoint i8* %55 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %72 
%61 = extractvalue { i8*, i64, i64 } %54, 1 %62 = trunc i64 %61 to i8 %63 = icmp eq i8 %62, 0 %64 = getelementptr i8, i8* %52, i64 1 br i1 %63, label %49, label %70 %50 = icmp ult i8* %64, %47 br i1 %50, label %51, label %65 %66 = phi i8* [ %41, %40 ], [ %44, %42 ], [ %44, %49 ] %67 = call i64 @_copy_from_user(i8* nonnull %8, i8* %66, i64 48) #69 %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %79, label %75 %80 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %81 = load i32, i32* %80, align 8 %82 = icmp sgt i32 %81, -20 %83 = select i1 %82, i32 %81, i32 -20 %84 = icmp slt i32 %83, 19 %85 = select i1 %84, i32 %83, i32 19 store i32 %85, i32* %80, align 8 %86 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %87 = load i32, i32* %86, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %101, label %89 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = icmp eq i32 %5, 0 br i1 %90, label %93, label %91 %92 = call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %5) #69 br label %93 %94 = phi %struct.task_struct.50485* [ %92, %91 ], [ %15, %89 ] %95 = icmp eq %struct.task_struct.50485* %94, null br i1 %95, label %99, label %96 %97 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %94, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 
%56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 
= icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = 
getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, 
-1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 
%185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* 
%0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* 
@__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** 
%134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void 
(%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to 
i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* 
%11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = 
and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69
-------------
Use: =BAD PATH=
Call Stack:
0 irq_work_queue
1 vprintk_deferred
2 printk_deferred
3 clockevents_program_min_delta
4 clockevents_program_event
5 tick_program_event
6 remove_hrtimer
7 hrtimer_try_to_cancel
8 dl_change_utilization
9 sched_dl_overflow
10 __sched_setscheduler
11 __ia32_sys_sched_setparam
-------------
Path:
Function:__ia32_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kuid_t* %3 to i8* %11 = icmp eq i64 %8, 0 %12 = icmp slt i32 %9, 0 %13 = or i1 %12, %11 br i1 %13, label %40, label %14 %15 = inttoptr i64 %8 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %40 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %9, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %38, label %27 %28 = bitcast %struct.sched_attr* %2 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 1 store i32 -1, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %2, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, 
%struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], 
[ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 
23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 
%13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = 
getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, 
i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) 
%19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = 
icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm 
sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 
%58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, 
%struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) 
#6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr 
inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = alloca %struct.sched_attr, align 8 %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.kuid_t* %3 to i8* %10 = icmp eq i64 %7, 0 %11 = icmp slt i32 %8, 0 %12 = or i1 %11, %10 br i1 %12, label %39, label %13 %14 = inttoptr i64 %7 to i8* %15 = call i64 @_copy_from_user(i8* nonnull %9, i8* %14, i64 4) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %39 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = icmp eq i32 %8, 0 br i1 %18, label %21, label %19 %22 = call 
%struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %23 %24 = phi %struct.task_struct.50485* [ %20, %19 ], [ %22, %21 ] %25 = icmp eq %struct.task_struct.50485* %24, null br i1 %25, label %37, label %26 %27 = bitcast %struct.sched_attr* %2 to i8* %28 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 1 store i32 -1, i32* %28, align 4 %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 3 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %24, i64 0, i32 16 %31 = load i32, i32* %30, align 8 %32 = add i32 %31, -120 store i32 %32, i32* %29, align 8 %33 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 4 %34 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 %35 = load i32, i32* %34, align 4 store i32 %35, i32* %33, align 4 %36 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %24, %struct.sched_attr* nonnull %2, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 
%63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label 
%222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, 
i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, 
%struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to 
%struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = 
getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr 
inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, 
%struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 
%140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 
(%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, 
%struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, 
i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setscheduler 12 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 br i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %44, label %27 %28 = bitcast %struct.sched_attr* %4 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %7, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = and i32 %7, 1073741824 %38 = icmp eq i32 %37, 0 br i1 %38, label %42, label %39 %40 = 
getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 store i64 1, i64* %40, align 8 %41 = and i32 %7, -1073741825 store i32 %41, i32* %29, align 4 br label %42 %43 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = 
icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = 
add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, 
i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr 
inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = 
getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load 
i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, 
i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq 
%struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 
@timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, 
label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = 
and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 
%19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setscheduler 12 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setscheduler(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = icmp slt i32 %7, 0 br i1 %8, label %49, label %9 %10 = bitcast %struct.kuid_t* %5 to i8* %11 = icmp eq i64 %2, 0 %12 = icmp slt i32 %6, 0 %13 = or i1 %12, %11 
br i1 %13, label %46, label %14 %15 = inttoptr i64 %2 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %10, i8* %15, i64 4) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.50485* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.50485* %25, null br i1 %26, label %44, label %27 %28 = bitcast %struct.sched_attr* %4 to i8* %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %7, i32* %29, align 4 %30 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %25, i64 0, i32 16 %32 = load i32, i32* %31, align 8 %33 = add i32 %32, -120 store i32 %33, i32* %30, align 8 %34 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %35 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %36 = load i32, i32* %35, align 4 store i32 %36, i32* %34, align 4 %37 = and i32 %7, 1073741824 %38 = icmp eq i32 %37, 0 br i1 %38, label %42, label %39 %40 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 store i64 1, i64* %40, align 8 %41 = and i32 %7, -1073741825 store i32 %41, i32* %29, align 4 br label %42 %43 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.50485* nonnull %25, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 
br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %21 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 86 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 77 %28 = bitcast %struct.cred.50206** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %31 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 br label %34 %35 = phi i32 [ -1, %266 ], [ %6, %18 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %460 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %50 = phi i32 [ %41, 
%37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435464 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %460 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %460, label %57 %58 = icmp ne i32 %50, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %460 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %50, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %460 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 br label %162 %163 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %164 = load volatile i32, i32* %31, align 4 %165 = zext i32 %164 to i64 %166 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %165 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, ptrtoint (%struct.rq* @runqueues to i64) %169 = inttoptr i64 %168 to %struct.rq* %170 = getelementptr inbounds %struct.rq, %struct.rq* %169, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %170) #69 %171 = load volatile i32, i32* %31, align 4 %172 = zext i32 %171 to i64 %173 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %172 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, ptrtoint (%struct.rq* @runqueues to i64) %176 = inttoptr i64 %175 to %struct.rq* %177 = icmp eq %struct.rq* %169, %176 br i1 %177, label %178, label %181, !prof !5 %179 = load volatile i32, i32* %29, align 4 %180 = icmp eq i32 %179, 2 br i1 %180, label %181, label %189, !prof !12, !misexpect !13 %190 = inttoptr i64 %168 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 23 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 2 %194 = icmp eq i32 %193, 0 
br i1 %194, label %195, label %207 %208 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 20 %209 = load %struct.task_struct.50485*, %struct.task_struct.50485** %208, align 64 %210 = icmp eq %struct.task_struct.50485* %209, %0 br i1 %210, label %211, label %213 %214 = load i32, i32* %21, align 4 %215 = icmp eq i32 %50, %214 br i1 %215, label %216, label %237, !prof !12, !misexpect !6 switch i32 %50, label %222 [ i32 3, label %217 i32 0, label %217 ] %218 = load i32, i32* %23, align 8 %219 = load i32, i32* %24, align 8 %220 = add i32 %219, -120 %221 = icmp eq i32 %218, %220 br i1 %221, label %222, label %237 br i1 %2, label %238, label %261 %239 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %240 = icmp slt i32 %239, 0 %241 = or i1 %58, %240 br i1 %241, label %261, label %242 %262 = icmp eq i32 %51, -1 br i1 %262, label %268, label %263 %264 = load i32, i32* %21, align 4 %265 = icmp eq i32 %51, %264 br i1 %265, label %268, label %266, !prof !5, !misexpect !6 %269 = inttoptr i64 %168 to %struct.rq* br i1 %58, label %270, label %274 %271 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 15 %272 = load i32, i32* %271, align 4 %273 = icmp sgt i32 %272, -1 br i1 %273, label %282, label %274 %275 = tail call i32 @sched_dl_overflow(%struct.task_struct.50485* %0, i32 %50, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 27 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 8 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8 
%14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 27 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 8 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 25 
%61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 8, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 14, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 
%28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 14, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.50485* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %67, label %12 %13 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %60, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14 %26 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 14, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -22, i32 6 %32 = getelementptr inbounds i64, i64* %31, i64 315 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm 
sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %35 = icmp eq %struct.hrtimer_clock_base* %34, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %35, label %46, label %36, !prof !9, !misexpect !10 %37 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 0 %38 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %37, align 64 %39 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %38, i64 0, i32 0 %40 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %39) #69 %41 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %42 = icmp eq %struct.hrtimer_clock_base* %34, %41 br i1 %42, label %47, label %43, !prof !4, !misexpect !10 %48 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %34, i64 0, i32 4 %49 = load %struct.hrtimer*, %struct.hrtimer** %48, align 8 %50 = icmp eq %struct.hrtimer* %49, %0 br i1 %50, label %54, label %51 %52 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %34, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = 
getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 
store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.76783* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.76783** getelementptr inbounds (%struct.tick_device.76784, %struct.tick_device.76784* @tick_cpu_device, i64 0, i32 0)) #6, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, 
!misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.76783, %struct.clock_event_device.76783* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device.28097*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.76783*, i32)*)(%struct.clock_event_device.76783* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device.28097*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.76783*, i64, i1)*)(%struct.clock_event_device.76783* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 
%38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device.28097* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device.28097* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device.28097, 
%struct.clock_event_device.28097* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device.28097, %struct.clock_event_device.28097* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device.28097*)*, i32 (i64, %struct.clock_event_device.28097*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device.28097* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.8291, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull 
@wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 
9 wait_consider_task 10 do_wait 11 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = alloca %struct.wait_opts, align 8 %3 = alloca %struct.rusage, align 8 %4 = alloca %struct.ist_info, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %8 to i32 %18 = inttoptr i64 %11 to %struct.compat_siginfo* %19 = trunc i64 %13 to i32 %20 = inttoptr i64 %16 to %struct.compat_rusage* %21 = bitcast %struct.rusage* %3 to i8* %22 = bitcast %struct.ist_info* %4 to i8* %23 = icmp eq i64 %16, 0 %24 = select i1 %23, %struct.rusage* null, %struct.rusage* %3 %25 = bitcast %struct.wait_opts* %2 to i8* %26 = and i32 %19, 520093680 %27 = icmp ne i32 %26, 0 %28 = and i32 %19, 14 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %40, label %31 %32 = trunc i64 %6 to i32 switch i32 %32, label %40 [ i32 0, label %41 i32 1, label %33 i32 2, label %35 ] %36 = icmp slt i32 %17, 1 br i1 %36, label %40, label %37 %38 = phi i32 [ 0, %33 ], [ 2, %35 ] %39 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %17) #69 br label %41 %42 = phi i32 [ %38, %37 ], [ 4, %31 ] %43 = phi %struct.pid.40929* [ %39, %37 ], [ null, %31 ] %44 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 0 store i32 %42, i32* %44, align 8 %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, 
i64 0, i32 2 store %struct.pid.40929* %43, %struct.pid.40929** %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 1 store i32 %19, i32* %46, align 4 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 3 store %struct.ist_info* %4, %struct.ist_info** %47, align 8 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %2, i64 0, i32 5 store %struct.rusage* %24, %struct.rusage** %48, align 8 %49 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %2) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void 
@_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, 
!misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = 
getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 
%315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, 
i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, 
%struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, 
%struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = 
zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = 
ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 
0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile 
i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 
bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint 
(%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], 
[64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br 
label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, 
%struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* 
blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = 
load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 
] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 
%56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 
= getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 
= add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, 
%273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, 
i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq 
%struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 
store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 
4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 
2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, 
inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 
0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void 
@kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 
= shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 
[label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 
= load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp 
eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** 
%113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 
4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr 
inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = 
getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 
0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, 
label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, 
%struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt 
i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, 
i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load 
i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 
%240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, 
%struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, 
i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, 
%struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds 
%struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store 
i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile 
i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi 
%struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, 
%struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to 
%struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void 
@free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { 
%struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = 
and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 
0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, 
i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, 
!srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 
do_wait 11 kernel_wait4 12 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = 
load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, 
i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 
0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor 
i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq 
%struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 
86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store 
i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, 
i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* 
%267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, 
align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 
0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void 
(%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr 
inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* 
%3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 
= getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to 
%struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, 
align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* 
output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm 
sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 
], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 
%61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 
[label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** 
%3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 
%86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect 
!5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast 
%struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", 
"={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, 
%struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* 
%274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* 
%304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, 
label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 
0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 
%61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br 
label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to 
%struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, 
i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void 
@kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 
= shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 
[label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 
= load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp 
eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** 
%113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 kernel_wait4 12 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to 
i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.40929* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.40929* %24, %struct.pid.40929** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm 
sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* 
%0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = 
load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 
%32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 
br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load 
%struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, 
align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 
%204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, 
i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void 
(%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = 
getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 
%81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, 
%struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 
], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 
%61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 do_notify_parent 9 wait_consider_task 10 do_wait 11 __se_sys_waitid 12 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = 
alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* 
%74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, 
!misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, 
%struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to 
i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, 
i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = 
add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 
48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 %271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, 
i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast 
%struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label 
%345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 (%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = 
icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = 
bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 
%82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, 
align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 
0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* 
%179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi 
%struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, 
label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code 
c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69
-------------
Use: =BAD PATH=
Call Stack:
0 irq_work_queue
1 vprintk_deferred
2 printk_deferred
3 select_fallback_rq
4 try_to_wake_up
5 wake_up_state
6 prepare_signal
7 __send_signal
8 do_notify_parent
9 wait_consider_task
10 do_wait
11 __se_sys_waitid
12 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69
Function:__se_sys_waitid
%6 = alloca %struct.wait_opts, align 8 %7 = alloca %struct.rusage, align 8 %8 = alloca %struct.ist_info, align 4 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2
to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %7 to i8* %13 = bitcast %struct.ist_info* %8 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %7 %16 = bitcast %struct.wait_opts* %6 to i8* %17 = and i32 %11, 520093680 %18 = icmp ne i32 %17, 0 %19 = and i32 %11, 14 %20 = icmp eq i32 %19, 0 %21 = or i1 %18, %20 br i1 %21, label %31, label %22 %23 = trunc i64 %0 to i32 switch i32 %23, label %31 [ i32 0, label %32 i32 1, label %24 i32 2, label %26 ] %27 = icmp slt i32 %9, 1 br i1 %27, label %31, label %28 %29 = phi i32 [ 0, %24 ], [ 2, %26 ] %30 = tail call %struct.pid.40929* bitcast (%struct.pid.45783* (i32)* @find_get_pid to %struct.pid.40929* (i32)*)(i32 %9) #69 br label %32 %33 = phi i32 [ %29, %28 ], [ 4, %22 ] %34 = phi %struct.pid.40929* [ %30, %28 ], [ null, %22 ] %35 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %33, i32* %35, align 8 %36 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.40929* %34, %struct.pid.40929** %36, align 8 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %11, i32* %37, align 4 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %8, %struct.ist_info** %38, align 8 %39 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %15, %struct.rusage** %39, align 8 %40 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #69 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", 
"i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.41345** store %struct.task_struct.41345* %32, %struct.task_struct.41345** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 86 %35 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.40929*, %struct.pid.40929** %3, align 8 %48 = icmp eq %struct.pid.40929* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.40929, %struct.pid.40929* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.41345* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 52 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 16 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1216 %69 = bitcast i8* %68 to %struct.task_struct.41345* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.41345* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 16 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr 
inbounds %struct.task_struct.41345, %struct.task_struct.41345* %60, i64 0, i32 55 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 8 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1256 %86 = bitcast i8* %85 to %struct.task_struct.41345* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.41345* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 36 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %562, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %17 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %16, align 64 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.41314, %struct.signal_struct.41314* %17, i64 0, i32 22, i64 %18 br label %20 %21 = phi %struct.pid.40929** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.40929*, %struct.pid.40929** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.40929*, %struct.pid.40929** %23, align 8 %25 = icmp ne %struct.pid.40929* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 
%34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %59 = load %struct.task_struct.41345*, %struct.task_struct.41345** %58, align 32 %60 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %61 = load %struct.task_struct.41345*, %struct.task_struct.41345** %60, align 8 %62 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %59, i64 0, i32 86 %63 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %62, align 64 %64 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %61, i64 0, i32 86 %65 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %64, align 64 %66 = icmp eq %struct.signal_struct.41314* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %378 %72 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 38 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %371 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* 
@__task_pid_nr_ns to i32 (%struct.task_struct.41345*, i32, %struct.pid_namespace.40927*)*)(%struct.task_struct.41345* %2, i32 0, %struct.pid_namespace.40927* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 77 %90 = bitcast %struct.cred.40933** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred.40933* %93 = getelementptr inbounds %struct.cred.40933, %struct.cred.40933* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %562, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %119, label %105, !prof !6, !misexpect !5 %120 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 50 %121 = load %struct.task_struct.41345*, %struct.task_struct.41345** %120, align 32 %122 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 51 %123 = load %struct.task_struct.41345*, %struct.task_struct.41345** %122, align 8 %124 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %121, i64 0, i32 86 %125 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %124, align 64 %126 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %123, i64 0, i32 86 %127 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %126, align 64 %128 = icmp eq %struct.signal_struct.41314* %125, %127 br i1 %128, label %133, 
label %129 %130 = load i32, i32* %72, align 4 %131 = icmp sgt i32 %130, -1 %132 = select i1 %131, i32 48, i32 16 br label %133 %134 = phi i1 [ false, %119 ], [ %131, %129 ] %135 = phi i32 [ 16, %119 ], [ %132, %129 ] %136 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %135, i32 32, i32* %6) #6, !srcloc !14 %137 = icmp eq i32 %136, 32 br i1 %137, label %138, label %562 %139 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %134, label %323, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 br i1 %142, label %143, label %323 %144 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %145 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %144, align 64 %146 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !15 %147 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 86 %148 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %147, align 64 %149 = bitcast i64* %4 to i8* %150 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.50485*, i64*, i64*)* 
@thread_group_cputime_adjusted to void (%struct.task_struct.41345*, i64*, i64*)*)(%struct.task_struct.41345* %2, i64* nonnull %4, i64* nonnull %5) #69 %151 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %146, i64 0, i32 87 %152 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %153 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %152, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %153) #69 %154 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %154) #69 %155 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 0, i32 0 %156 = load i32, i32* %155, align 4 %157 = add i32 %156, 1 store i32 %157, i32* %155, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %158 = load i64, i64* %4, align 8 %159 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 29 %160 = load i64, i64* %159, align 8 %161 = add i64 %160, %158 %162 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 29 %163 = load i64, i64* %162, align 8 %164 = add i64 %161, %163 store i64 %164, i64* %162, align 8 %165 = load i64, i64* %5, align 8 %166 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 30 %167 = load i64, i64* %166, align 8 %168 = add i64 %167, %165 %169 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 30 %170 = load i64, i64* %169, align 8 %171 = add i64 %168, %170 store i64 %171, i64* %169, align 8 %172 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 66 %173 = load i64, i64* %172, align 8 %174 = getelementptr inbounds 
%struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 31 %175 = load i64, i64* %174, align 8 %176 = add i64 %175, %173 %177 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 32 %178 = load i64, i64* %177, align 8 %179 = add i64 %176, %178 %180 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 32 %181 = load i64, i64* %180, align 8 %182 = add i64 %179, %181 store i64 %182, i64* %180, align 8 %183 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 72 %184 = load i64, i64* %183, align 8 %185 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 38 %186 = load i64, i64* %185, align 8 %187 = add i64 %186, %184 %188 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 40 %189 = load i64, i64* %188, align 8 %190 = add i64 %187, %189 %191 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 40 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 store i64 %193, i64* %191, align 8 %194 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 73 %195 = load i64, i64* %194, align 16 %196 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 39 %197 = load i64, i64* %196, align 8 %198 = add i64 %197, %195 %199 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 41 %200 = load i64, i64* %199, align 8 %201 = add i64 %198, %200 %202 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 41 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 store i64 %204, i64* %202, align 8 %205 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 68 %206 = load 
i64, i64* %205, align 8 %207 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 34 %208 = load i64, i64* %207, align 8 %209 = add i64 %208, %206 %210 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 36 %211 = load i64, i64* %210, align 8 %212 = add i64 %209, %211 %213 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 36 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 store i64 %215, i64* %213, align 8 %216 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 69 %217 = load i64, i64* %216, align 16 %218 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 35 %219 = load i64, i64* %218, align 8 %220 = add i64 %219, %217 %221 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 37 %222 = load i64, i64* %221, align 8 %223 = add i64 %220, %222 %224 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 37 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 store i64 %226, i64* %224, align 8 %227 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 4 %228 = load i64, i64* %227, align 32 %229 = lshr i64 %228, 9 %230 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 42 %231 = load i64, i64* %230, align 8 %232 = add i64 %229, %231 %233 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 44 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 44 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds 
%struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 5 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 43 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 45 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 45 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 46 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 47 %254 = load i64, i64* %253, align 8 %255 = icmp ugt i64 %252, %254 %256 = select i1 %255, i64 %252, i64 %254 %257 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 47 %258 = load i64, i64* %257, align 8 %259 = icmp ult i64 %258, %256 br i1 %259, label %260, label %261 store i64 %256, i64* %257, align 8 br label %261 %262 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 0 %263 = load i64, i64* %262, align 8 %264 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 0 %265 = load i64, i64* %264, align 8 %266 = add i64 %265, %263 store i64 %266, i64* %264, align 8 %267 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 1 %268 = load i64, i64* %267, align 8 %269 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 1 %270 = load i64, i64* %269, align 8 %271 = add i64 %270, %268 store i64 
%271, i64* %269, align 8 %272 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 2 %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 2 %275 = load i64, i64* %274, align 8 %276 = add i64 %275, %273 store i64 %276, i64* %274, align 8 %277 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 3 %278 = load i64, i64* %277, align 8 %279 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 3 %280 = load i64, i64* %279, align 8 %281 = add i64 %280, %278 store i64 %281, i64* %279, align 8 %282 = load i64, i64* %227, align 8 %283 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 4 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = load i64, i64* %239, align 8 %287 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 5 %288 = load i64, i64* %287, align 8 %289 = add i64 %288, %286 store i64 %289, i64* %287, align 8 %290 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 116, i32 6 %291 = load i64, i64* %290, align 8 %292 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 48, i32 6 %293 = load i64, i64* %292, align 8 %294 = add i64 %293, %291 store i64 %294, i64* %292, align 8 %295 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 0 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %266 store i64 %297, i64* %264, align 8 %298 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 1 %299 = load i64, i64* %298, align 8 %300 = add i64 %299, %271 store i64 %300, 
i64* %269, align 8 %301 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 2 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %276 store i64 %303, i64* %274, align 8 %304 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 3 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %281 store i64 %306, i64* %279, align 8 %307 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 4 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %285 store i64 %309, i64* %283, align 8 %310 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 5 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %289 store i64 %312, i64* %287, align 8 %313 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %145, i64 0, i32 48, i32 6 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %294 store i64 %315, i64* %292, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %316 = load i32, i32* %155, align 4 %317 = add i32 %316, 1 store i32 %317, i32* %155, align 4 %318 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %148, i64 0, i32 26, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %319 = bitcast %struct.spinlock* %318 to i8* store volatile i8 0, i8* %319, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %320 = load %struct.sighand_struct*, %struct.sighand_struct** %151, align 8 %321 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %320, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %322 = bitcast %struct.spinlock* %321 to i8* store volatile i8 0, i8* %322, align 1 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br label %323 %324 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %325 = load %struct.rusage*, %struct.rusage** %324, align 8 %326 = icmp eq %struct.rusage* %325, null br i1 %326, label %328, label %327 call void bitcast (void (%struct.task_struct.39605*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.41345*, i32, %struct.rusage*)*)(%struct.task_struct.41345* %2, i32 -2, %struct.rusage* nonnull %325) #69 br label %328 %329 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %330 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %329, align 64 %331 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 12 %332 = load i32, i32* %331, align 4 %333 = and i32 %332, 4 %334 = icmp eq i32 %333, 0 %335 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %330, i64 0, i32 8 %336 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 37 %337 = select i1 %334, i32* %336, i32* %335 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %338, i32* %339, align 8 br i1 %134, label %340, label %349 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %341 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 5 %342 = load i32, i32* %341, align 8 %343 = icmp eq i32 %342, 0 br i1 %343, label %345, label %344, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.39605*)* @__ptrace_unlink to void (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 br label %345 %346 = load i32, i32* %72, align 4 %347 = call zeroext i1 bitcast (i1 
(%struct.task_struct.39605*, i32)* @do_notify_parent to i1 (%struct.task_struct.41345*, i32)*)(%struct.task_struct.41345* %2, i32 %346) #69 Function:do_notify_parent %3 = alloca %struct.siginfo, align 8 %4 = bitcast %struct.siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5161, i64 0, i64 0), i32 1828, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 220) #6, !srcloc !7 br label %7 %8 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 1 %9 = load volatile i64, i64* %8, align 16 %10 = and i64 %9, 12 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %28 %29 = icmp eq i32 %1, 17 br i1 %29, label %39, label %30 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 100 %32 = load i64, i64* %31, align 64 %33 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %34 = load %struct.task_struct.39605*, %struct.task_struct.39605** %33, align 8 %35 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %34, i64 0, i32 101 %36 = load volatile i64, i64* %35, align 8 %37 = icmp eq i64 %32, %36 %38 = select i1 %37, i32 %1, i32 17 br label %39 %40 = 
phi i32 [ 17, %28 ], [ %38, %30 ] %41 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 %42 = bitcast i32* %41 to i8* %43 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 0 store i32 %40, i32* %43, align 8 %44 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 1 store i32 0, i32* %44, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %45 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 51 %46 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %47 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %46) #69 %48 = tail call i32 bitcast (i32 (%struct.task_struct.46154*, i32, %struct.pid_namespace.46156*)* @__task_pid_nr_ns to i32 (%struct.task_struct.39605*, i32, %struct.pid_namespace.39324*)*)(%struct.task_struct.39605* %0, i32 0, %struct.pid_namespace.39324* %47) #69 %49 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 0 store i32 %48, i32* %49, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %50 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %51 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %50, i64 0, i32 77 %52 = bitcast %struct.cred.39299** %51 to i64* %53 = load volatile i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %54 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 77 %55 = bitcast %struct.cred.39299** %54 to i64* %56 = load volatile i64, i64* %55, 
align 8 %57 = inttoptr i64 %56 to %struct.cred.39299* %58 = getelementptr inbounds %struct.cred.39299, %struct.cred.39299* %57, i64 0, i32 1, i32 0 %59 = load i32, i32* %58, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %60 = icmp eq i32 %59, -1 %61 = load i32, i32* @overflowuid, align 4 %62 = select i1 %60, i32 %61, i32 %59 %63 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 1 store i32 %62, i32* %63, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %64 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 64 %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 65 %67 = load i64, i64* %66, align 64 %68 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %69 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %70 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %69, i64 0, i32 27 %71 = load i64, i64* %70, align 8 %72 = add i64 %71, %65 %73 = tail call i64 @nsec_to_clock_t(i64 %72) #69 %74 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 3 store i64 %73, i64* %74, align 8 %75 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %68, align 64 %76 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %75, i64 0, i32 28 %77 = load i64, i64* %76, align 8 %78 = add i64 %77, %67 %79 = tail call i64 @nsec_to_clock_t(i64 %78) #69 %80 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 4 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 37 %82 = load i32, i32* %81, align 16 %83 = and i32 %82, 127 %84 = 
getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 3, i32 0, i32 2 store i32 %83, i32* %84, align 8 %85 = trunc i32 %82 to i8 %86 = icmp sgt i8 %85, -1 br i1 %86, label %89, label %87 %90 = icmp eq i32 %83, 0 %91 = getelementptr inbounds %struct.siginfo, %struct.siginfo* %3, i64 0, i32 2 br i1 %90, label %93, label %92 store i32 2, i32* %91, align 8 br label %95 %96 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %97 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %96, i64 0, i32 87 %98 = load %struct.sighand_struct*, %struct.sighand_struct** %97, align 8 %99 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 2, i32 0, i32 0 %100 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %99) #69 %101 = load i32, i32* %14, align 8 %102 = icmp eq i32 %101, 0 %103 = icmp eq i32 %40, 17 %104 = and i1 %103, %102 br i1 %104, label %105, label %114 %106 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 0 %107 = load void (i32)*, void (i32)** %106, align 8 %108 = icmp eq void (i32)* %107, inttoptr (i64 1 to void (i32)*) br i1 %108, label %122, label %109 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %98, i64 0, i32 1, i64 16, i32 0, i32 1 %111 = load i64, i64* %110, align 8 %112 = and i64 %111, 2 %113 = icmp ne i64 %112, 0 br label %117 %118 = phi i32 [ %40, %114 ], [ 17, %109 ] %119 = phi i1 [ false, %114 ], [ %113, %109 ] %120 = load %struct.task_struct.39605*, %struct.task_struct.39605** %45, align 8 %121 = call fastcc i32 @__send_signal(i32 %118, %struct.siginfo* nonnull %3, %struct.task_struct.39605* %120, i32 1, i32 0) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 %138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, 
label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = 
icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, %191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi 
%struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, 
%struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr 
inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = 
and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 
0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, 
i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, 
!srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 prepare_signal 7 __send_signal 8 force_sig_info 9 force_sig 10 
signal_fault 11 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 
0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %22 = bitcast %struct.cpumask* %20 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 8, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 store i64 %24, i64* %21, align 8 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %25 = extractvalue { i32, i64 } %23, 0 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A 
.byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 %31 = extractvalue { i32, i64 } %30, 0 tail call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %32 = icmp eq i32 %31, 0 br i1 %32, label 
%33, label %158, !prof !13, !misexpect !14 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 46, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 32 %37 = getelementptr inbounds %struct.task_struct.10885, %struct.task_struct.10885* %3, i64 0, i32 161, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+17)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09mfence\0A6651:\0A\096642:\0A\09lfence\0A6652:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* 
%40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !16 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !17 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !18 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long 
(1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !19 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !20 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !21 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !22 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = 
getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !23 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !24 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !25 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection 
\22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !26 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !27 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !28 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !29 %93 = 
getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !30 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !31 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !32 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 
3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !33 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !34 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !35 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, 
%struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !36 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.10885* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !38 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* 
getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1141, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.10885* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.10885** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.10885**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void bitcast (void (i32, %struct.task_struct.39605*)* @force_sig to void (i32, %struct.task_struct.10885*)*)(i32 11, %struct.task_struct.10885* %4) #69 Function:force_sig %3 = tail call i32 @force_sig_info(i32 %0, %struct.siginfo* nonnull inttoptr (i64 1 to %struct.siginfo*), %struct.task_struct.39605* %1) #69 Function:force_sig_info %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %5 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %6 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %5, i64 0, i32 2, i32 0, i32 0 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %6) #69 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %4, align 8 %9 = add i32 %0, -1 %10 = sext i32 %9 to i64 %11 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 1, i64 %10, i32 0, i32 0 %12 = load void (i32)*, void (i32)** %11, align 8 %13 = icmp eq void (i32)* %12, inttoptr (i64 1 to void (i32)*) %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 88, i32 0, i64 0 %15 = load i64, i64* %14, align 8 %16 = zext i32 %9 to i64 %17 = shl nuw i64 1, %16 %18 = and i64 %15, %17 %19 = icmp ne i64 %18, 0 %20 = or i1 %13, %19 br i1 %20, label %21, label %48 store void (i32)* null, void 
(i32)** %11, align 8 br i1 %19, label %22, label %51 %52 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 5 %53 = load i32, i32* %52, align 8 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %61 %62 = icmp eq %struct.siginfo* %1, null br i1 %62, label %69, label %63 %64 = icmp ugt %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) br i1 %64, label %65, label %75 %76 = phi i32 [ 0, %65 ], [ %74, %69 ], [ 0, %63 ] %77 = tail call fastcc i32 @__send_signal(i32 %0, %struct.siginfo* %1, %struct.task_struct.39605* %2, i32 0, i32 %76) #69 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %2, i64 0, i32 87 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 2, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = icmp ne i32 %4, 0 %14 = icmp eq %struct.siginfo* %1, inttoptr (i64 1 to %struct.siginfo*) %15 = or i1 %14, %13 %16 = icmp eq %struct.siginfo* %1, inttoptr (i64 2 to %struct.siginfo*) %17 = or i1 %16, %15 %18 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.39605* %2, i1 zeroext %17) #69 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 86 %5 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %6 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %16 = icmp slt i32 %0, 32 br i1 %16, label %17, label %302 %18 = add i32 %0, -1 %19 = zext i32 %18 to i64 %20 = shl nuw i64 1, %19 %21 = and i64 %20, 3932160 %22 = icmp eq i64 %21, 0 br i1 %22, label %137, label %23 
%138 = icmp eq i32 %0, 18 br i1 %138, label %139, label %302 %140 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6 %141 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %142 = load i64, i64* %141, align 8 %143 = and i64 %142, 3932160 %144 = icmp eq i64 %143, 0 br i1 %144, label %191, label %145 %146 = and i64 %142, -3932161 store i64 %146, i64* %141, align 8 %147 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %140, i64 0, i32 0 %148 = bitcast %struct.sigpending* %140 to %struct.sigqueue** %149 = load %struct.sigqueue*, %struct.sigqueue** %148, align 8 %150 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %149, i64 0, i32 0 %151 = icmp eq %struct.list_head* %150, %147 br i1 %151, label %191, label %152 %153 = phi %struct.list_head* [ %189, %188 ], [ %150, %145 ] %154 = phi %struct.sigqueue* [ %156, %188 ], [ %149, %145 ] %155 = bitcast %struct.sigqueue* %154 to %struct.sigqueue** %156 = load %struct.sigqueue*, %struct.sigqueue** %155, align 8 %157 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 2, i32 0 %158 = load i32, i32* %157, align 8 %159 = add i32 %158, -1 %160 = zext i32 %159 to i64 %161 = shl nuw i64 1, %160 %162 = and i64 %161, 3932160 %163 = icmp eq i64 %162, 0 br i1 %163, label %188, label %164 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 0, i32 1 %166 = load %struct.list_head*, %struct.list_head** %165, align 8 %167 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0, i32 1 store %struct.list_head* %166, %struct.list_head** %167, align 8 %168 = ptrtoint %struct.sigqueue* %156 to i64 %169 = bitcast %struct.list_head* %166 to i64* store volatile i64 %168, i64* %169, align 8 %170 = ptrtoint %struct.sigqueue* %154 to i64 %171 = bitcast %struct.sigqueue* %154 to i64* store volatile i64 %170, i64* %171, align 8 
store %struct.list_head* %153, %struct.list_head** %165, align 8 %172 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 1 %173 = load i32, i32* %172, align 8 %174 = and i32 %173, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %188 %177 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %154, i64 0, i32 3 %178 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 %179 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %178, i64 0, i32 2, i32 0 %180 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %179, i32* %179) #6, !srcloc !4 %181 = and i8 %180, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %185, label %183 %184 = load %struct.user_struct.39280*, %struct.user_struct.39280** %177, align 8 tail call void @free_uid(%struct.user_struct.39280* %184) #69 br label %185 %186 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %187 = bitcast %struct.sigqueue* %154 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %186, i8* %187) #69 br label %188 %189 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %156, i64 0, i32 0 %190 = icmp eq %struct.list_head* %189, %147 br i1 %190, label %191, label %152 %192 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %4, align 64 %193 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3, i32 0 %194 = bitcast %struct.list_head** %193 to i64* %195 = load volatile i64, i64* %194, align 8 %196 = inttoptr i64 %195 to %struct.list_head* %197 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %192, i64 0, i32 3 %198 = icmp eq %struct.list_head* %197, %196 br i1 %198, label %281, label %199 %200 = phi i64 [ %276, %274 ], [ %195, 
%191 ] %201 = inttoptr i64 %200 to i8* %202 = getelementptr i8, i8* %201, i64 -1360 %203 = bitcast i8* %202 to %struct.task_struct.39605* %204 = getelementptr i8, i8* %201, i64 344 %205 = getelementptr i8, i8* %201, i64 360 %206 = bitcast i8* %205 to i64* %207 = load i64, i64* %206, align 8 %208 = and i64 %207, 3932160 %209 = icmp eq i64 %208, 0 br i1 %209, label %256, label %210 %211 = and i64 %207, -3932161 store i64 %211, i64* %206, align 8 %212 = bitcast i8* %204 to %struct.list_head* %213 = bitcast i8* %204 to %struct.sigqueue** %214 = load %struct.sigqueue*, %struct.sigqueue** %213, align 8 %215 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %214, i64 0, i32 0 %216 = icmp eq %struct.list_head* %215, %212 br i1 %216, label %256, label %217 %218 = phi %struct.list_head* [ %254, %253 ], [ %215, %210 ] %219 = phi %struct.sigqueue* [ %221, %253 ], [ %214, %210 ] %220 = bitcast %struct.sigqueue* %219 to %struct.sigqueue** %221 = load %struct.sigqueue*, %struct.sigqueue** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 2, i32 0 %223 = load i32, i32* %222, align 8 %224 = add i32 %223, -1 %225 = zext i32 %224 to i64 %226 = shl nuw i64 1, %225 %227 = and i64 %226, 3932160 %228 = icmp eq i64 %227, 0 br i1 %228, label %253, label %229 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 0, i32 1 %231 = load %struct.list_head*, %struct.list_head** %230, align 8 %232 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0, i32 1 store %struct.list_head* %231, %struct.list_head** %232, align 8 %233 = ptrtoint %struct.sigqueue* %221 to i64 %234 = bitcast %struct.list_head* %231 to i64* store volatile i64 %233, i64* %234, align 8 %235 = ptrtoint %struct.sigqueue* %219 to i64 %236 = bitcast %struct.sigqueue* %219 to i64* store volatile i64 %235, i64* %236, align 8 store %struct.list_head* %218, %struct.list_head** %230, align 8 %237 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 1 %238 = load i32, i32* %237, align 8 %239 = and i32 %238, 1 %240 = icmp eq i32 %239, 0 br i1 %240, label %241, label %253 %242 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %219, i64 0, i32 3 %243 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 %244 = getelementptr inbounds %struct.user_struct.39280, %struct.user_struct.39280* %243, i64 0, i32 2, i32 0 %245 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %244, i32* %244) #6, !srcloc !4 %246 = and i8 %245, 1 %247 = icmp eq i8 %246, 0 br i1 %247, label %250, label %248 %249 = load %struct.user_struct.39280*, %struct.user_struct.39280** %242, align 8 tail call void @free_uid(%struct.user_struct.39280* %249) #69 br label %250 %251 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %252 = bitcast %struct.sigqueue* %219 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %251, i8* %252) #69 br label %253 %254 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %221, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, %212 br i1 %255, label %256, label %217 %257 = getelementptr i8, i8* %201, i64 -272 %258 = bitcast i8* %257 to i64* %259 = load i64, i64* %258, align 64 %260 = and i64 %259, -458753 store i64 %260, i64* %258, align 64 %261 = and i64 %259, 3670016 %262 = icmp eq i64 %261, 2097152 br i1 %262, label %263, label %265, !prof !5 %266 = getelementptr i8, i8* %201, i64 -1320 %267 = bitcast i8* %266 to i32* %268 = load i32, i32* %267, align 8 %269 = and i32 %268, 65536 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %273, !prof !7, !misexpect !8 %272 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, 
i32)*)(%struct.task_struct.39605* %203, i32 4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds 
%struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 
%117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* 
@numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, 
%struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** 
%3, align 64 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds 
%struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 
Function:try_to_wake_up %4 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 
%50 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 
0, i32 26 %143 = load i32, i32* %142, align 32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = 
getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = 
zext i32 %47 to i64 %49 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.41345* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41345** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.41345**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 86 %4 = load %struct.signal_struct.41314*, %struct.signal_struct.41314** %3, align 64 %5 = trunc i32 
%0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 10 %15 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %16 = icmp eq %struct.task_struct.41345* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 59 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %48, label %26 %27 = getelementptr inbounds %struct.task_struct.41345, %struct.task_struct.41345* %2, i64 0, i32 87 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 2 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = load i32, i32* %9, align 4 %32 = and i32 %31, 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = load %struct.task_struct.41345*, %struct.task_struct.41345** %14, align 8 %38 = icmp eq %struct.task_struct.41345* %37, null %39 = getelementptr inbounds %struct.signal_struct.41314, %struct.signal_struct.41314* %4, i64 0, i32 8 br i1 %38, label %43, label %40 store i32 %0, i32* %39, align 8 store i32 4, i32* %9, align 4 %44 = tail call i32 bitcast (i32 (%struct.task_struct.39605*)* @zap_other_threads to i32 (%struct.task_struct.41345*)*)(%struct.task_struct.41345* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %0, i64 0, i32 86 %3 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %2, align 64 %4 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 59, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1344 %10 = bitcast i8* %9 to %struct.task_struct.39605* %11 = icmp eq %struct.task_struct.39605* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.39605* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 64 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 64 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 376 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.50485*, i32)* @wake_up_state to i32 (%struct.task_struct.39605*, i32)*)(%struct.task_struct.39605* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.50485* %0, i32 %1, i32 0) #69 Function:try_to_wake_up %4 = getelementptr 
inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 103 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 1 %7 = load volatile i64, i64* %6, align 16 %8 = zext i32 %1 to i64 %9 = and i64 %7, %8 %10 = icmp eq i64 %9, 0 br i1 %10, label %282, label %11 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 8 %36 = load volatile i32, i32* %35, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 14 %38 = load i32, i32* %37, align 32 %39 = icmp eq i32 %38, 0 br i1 %39, label %87, label %40 %41 = load volatile i32, i32* %35, align 4 %42 = zext i32 %41 to i64 %43 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %42 %44 = load i64, i64* %43, align 8 %45 = add i64 %44, ptrtoint (%struct.rq* @runqueues to i64) %46 = inttoptr i64 %45 to %struct.rq* %47 = getelementptr inbounds %struct.rq, %struct.rq* %46, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = load volatile i32, i32* %35, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %49 %51 = load i64, i64* %50, align 8 %52 = add i64 %51, ptrtoint (%struct.rq* @runqueues to i64) %53 = inttoptr i64 %52 to %struct.rq* %54 = icmp eq %struct.rq* %46, %53 br i1 %54, label %55, label %57, !prof !10 %56 = load volatile i32, i32* %37, align 4 switch i32 %56, label %85 [ i32 2, label %57 i32 1, label %65 ], !prof !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %86 = inttoptr i64 %45 to i8* store volatile i8 0, i8* %86, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %87 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %88 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 7 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %94, label %91 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %92 = load volatile i32, i32* %88, align 4 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %91 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %95 = load volatile i64, i64* %6, align 16 %96 = and i64 %95, 2 %97 = icmp eq i64 %96, 0 br i1 %97, label %109, label %98 %110 = phi i8 [ 0, %98 ], [ 0, %94 ], [ %108, %103 ] %111 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 42 %112 = load i8, i8* %111, align 4 %113 = and i8 %112, -3 %114 = or i8 %113, %110 store i8 %114, i8* %111, align 4 store volatile i64 512, i64* %6, align 16 %115 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 44 %116 = load i8, i8* %115, align 16 %117 = and i8 %116, 2 %118 = icmp eq i8 %117, 0 br i1 %118, label %141, label %119 %142 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 26 %143 = load i32, i32* %142, align 
32 %144 = icmp sgt i32 %143, 1 br i1 %144, label %145, label %153 %154 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %155 = tail call i64 @find_first_bit(i64* %154, i64 64) #69 %156 = trunc i64 %155 to i32 br label %157 %158 = phi i32 [ %152, %145 ], [ %156, %153 ] %159 = zext i32 %158 to i64 %160 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 27, i32 0, i64 0 %161 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %160, i64 %159) #6, !srcloc !6 %162 = and i8 %161, 1 %163 = icmp eq i8 %162, 0 br i1 %163, label %180, label %164, !prof !21 %165 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %0, i64 0, i32 4 %166 = load i32, i32* %165, align 4 %167 = and i32 %166, 2097152 %168 = icmp eq i32 %167, 0 br i1 %168, label %176, label %169 %170 = load i32, i32* %142, align 32 %171 = icmp eq i32 %170, 1 br i1 %171, label %172, label %176 %177 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %159) #6, !srcloc !6 %178 = and i8 %177, 1 %179 = icmp eq i8 %178, 0 br i1 %179, label %180, label %183, !prof !14, !misexpect !15 %181 = load volatile i32, i32* %35, align 4 %182 = tail call fastcc i32 @select_fallback_rq(i32 %181, %struct.task_struct.50485* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %32, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 
x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %32 %17 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %32 %33 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27 %34 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 27, i32 0, i64 0 %35 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 4 %36 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 26 %37 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 8 %38 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 14 %39 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 19 br label %40 %41 = phi i32 [ 0, %32 ], [ %74, %73 ] br label %42 %43 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %33) #69 %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %46, label %71 %47 = phi i32 [ %53, %52 ], [ %43, %42 ] %48 = zext i32 %47 to i64 %49 = tail call i8 asm sideeffect 
" btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64 %48) #6, !srcloc !4 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %56 %57 = load i32, i32* %35, align 4 %58 = and i32 %57, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %67, label %60 %61 = load i32, i32* %36, align 32 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %67 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %48) #6, !srcloc !4 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %52, label %110 %111 = icmp eq i32 %41, 0 br i1 %111, label %124, label %112 %113 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 32 %114 = load %struct.mm_struct.50224*, %struct.mm_struct.50224** %113, align 32 %115 = icmp eq %struct.mm_struct.50224* %114, null br i1 %115, label %124, label %116 %117 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %118 = icmp eq i32 %117, 0 br i1 %118, label %124, label %119 %120 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 47 %121 = load i32, i32* %120, align 16 %122 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 79, i64 0 %123 = tail call i32 (i8*, ...) 
@printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.88.5973, i64 0, i64 0), i32 %121, i8* %122, i32 %0) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfree_atomic 1 copy_process 2 _do_fork 3 __ia32_sys_clone ------------- Path:  Function:__ia32_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %13 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %16) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 
0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load 
%struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = 
load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds 
([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr 
inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %143 = icmp eq %struct.vm_struct.39597* %133, null br i1 %143, label %151, label %144 %145 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* nonnull %133, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !9 %146 = icmp eq %struct.vm_struct.39597* %145, null br i1 %146, label %164, label %147 %148 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %149 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* %148, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !9 %150 = icmp eq %struct.vm_struct.39597* %149, null br i1 %150, label %164, label %162 %163 = load i8*, i8** %136, align 8 call void @vfree_atomic(i8* %163) #69 Function:vfree_atomic %2 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !4 %3 = and i32 %2, 1048576 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = icmp eq i8* %0, null br i1 %7, label %18, label %8 %9 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.vfree_deferred* nonnull @vfree_deferred) #6, !srcloc !9 %10 = inttoptr i64 %9 to %struct.vfree_deferred* %11 = bitcast i8* %0 to %struct.llist_node* %12 = getelementptr inbounds %struct.vfree_deferred, %struct.vfree_deferred* %10, i64 0, i32 0 %13 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* nonnull %11, %struct.llist_node* nonnull %11, %struct.llist_node* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfree_atomic 1 copy_process 2 _do_fork 3 __x64_sys_clone ------------- Path:  Function:__x64_sys_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @_do_fork(i64 %3, i64 %5, i64 0, i32* %8, i32* %11, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 
0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** 
getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %143 = icmp eq %struct.vm_struct.39597* %133, null br i1 %143, label %151, label %144 %145 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), 
%struct.vm_struct.39597* nonnull %133, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !9 %146 = icmp eq %struct.vm_struct.39597* %145, null br i1 %146, label %164, label %147 %148 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %149 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* %148, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !9 %150 = icmp eq %struct.vm_struct.39597* %149, null br i1 %150, label %164, label %162 %163 = load i8*, i8** %136, align 8 call void @vfree_atomic(i8* %163) #69 Function:vfree_atomic %2 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !4 %3 = and i32 %2, 1048576 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = icmp eq i8* %0, null br i1 %7, label %18, label %8 %9 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.vfree_deferred* nonnull @vfree_deferred) #6, !srcloc !9 %10 = inttoptr i64 %9 to %struct.vfree_deferred* %11 = bitcast i8* %0 to %struct.llist_node* %12 = getelementptr inbounds %struct.vfree_deferred, %struct.vfree_deferred* %10, i64 0, i32 0 %13 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* nonnull %11, %struct.llist_node* nonnull %11, %struct.llist_node* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfree_atomic 1 copy_process 2 _do_fork 3 __x64_sys_vfork ------------- Path:  
Function:__x64_sys_vfork %2 = tail call i64 @_do_fork(i64 16657, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov 
%gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, 
%struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %143 = icmp eq %struct.vm_struct.39597* %133, null br i1 %143, label %151, label %144 %145 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* nonnull %133, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !9 %146 = icmp eq %struct.vm_struct.39597* %145, null br i1 %146, label %164, label %147 %148 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %149 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* %148, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !9 %150 = icmp eq %struct.vm_struct.39597* %149, null br i1 %150, label %164, label %162 %163 = load i8*, i8** %136, align 8 call void @vfree_atomic(i8* %163) #69 Function:vfree_atomic %2 = tail call i32 asm 
sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !4 %3 = and i32 %2, 1048576 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = icmp eq i8* %0, null br i1 %7, label %18, label %8 %9 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.vfree_deferred* nonnull @vfree_deferred) #6, !srcloc !9 %10 = inttoptr i64 %9 to %struct.vfree_deferred* %11 = bitcast i8* %0 to %struct.llist_node* %12 = getelementptr inbounds %struct.vfree_deferred, %struct.vfree_deferred* %10, i64 0, i32 0 %13 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* nonnull %11, %struct.llist_node* nonnull %11, %struct.llist_node* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfree_atomic 1 copy_process 2 _do_fork 3 __x64_sys_fork ------------- Path:  Function:__x64_sys_fork %2 = tail call i64 @_do_fork(i64 17, i64 0, i64 0, i32* null, i32* null, i64 0) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* 
%4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label %17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 
%121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label %127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %143 = icmp eq %struct.vm_struct.39597* %133, null br i1 %143, label %151, label %144 %145 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* nonnull %133, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !9 %146 = icmp eq %struct.vm_struct.39597* 
%145, null br i1 %146, label %164, label %147 %148 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %149 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* %148, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !9 %150 = icmp eq %struct.vm_struct.39597* %149, null br i1 %150, label %164, label %162 %163 = load i8*, i8** %136, align 8 call void @vfree_atomic(i8* %163) #69 Function:vfree_atomic %2 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !4 %3 = and i32 %2, 1048576 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = icmp eq i8* %0, null br i1 %7, label %18, label %8 %9 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.vfree_deferred* nonnull @vfree_deferred) #6, !srcloc !9 %10 = inttoptr i64 %9 to %struct.vfree_deferred* %11 = bitcast i8* %0 to %struct.llist_node* %12 = getelementptr inbounds %struct.vfree_deferred, %struct.vfree_deferred* %10, i64 0, i32 0 %13 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* nonnull %11, %struct.llist_node* nonnull %11, %struct.llist_node* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfree_atomic 1 copy_process 2 _do_fork 3 __ia32_compat_sys_x86_clone ------------- Path:  Function:__ia32_compat_sys_x86_clone %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load 
i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %10 to i32* %18 = inttoptr i64 %16 to i32* %19 = tail call i64 @_do_fork(i64 %4, i64 %7, i64 0, i32* %17, i32* %18, i64 %13) #69 Function:_do_fork %7 = alloca %struct.completion, align 8 %8 = bitcast %struct.completion* %7 to i8* %9 = and i64 %0, 8388608 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %25 %12 = and i64 %0, 16384 %13 = icmp eq i64 %12, 0 %14 = and i64 %0, 255 %15 = icmp eq i64 %14, 17 %16 = select i1 %15, i32 1, i32 3 %17 = select i1 %13, i32 %16, i32 2 %18 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 5 %20 = load i32, i32* %19, align 8 %21 = shl nuw nsw i32 8, %17 %22 = and i32 %20, %21 %23 = icmp eq i32 %22, 0 %24 = select i1 %23, i32 0, i32 %17, !prof !5 br label %25 %26 = phi i32 [ 0, %6 ], [ %24, %11 ] %27 = tail call fastcc %struct.task_struct.39605* @copy_process(i64 %0, i64 %1, i64 %2, i32* %4, %struct.pid.39326* null, i32 %26, i64 %5, i32 -1) #69 Function:copy_process %9 = alloca i32, align 4 %10 = alloca %struct.multiprocess_signals, align 8 %11 = bitcast %struct.multiprocess_signals* %10 to i8* %12 = and i64 %0, 131584 %13 = icmp eq i64 %12, 131584 %14 = and i64 %0, 268435968 %15 = icmp eq i64 %14, 268435968 %16 = or i1 %13, %15 br i1 %16, label %1178, label 
%17 %18 = and i64 %0, 65536 %19 = icmp eq i64 %18, 0 %20 = xor i1 %19, true %21 = and i64 %0, 2048 %22 = icmp eq i64 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %1178, label %24 %25 = and i64 %0, 256 %26 = icmp eq i64 %25, 0 %27 = and i64 %0, 2304 %28 = icmp eq i64 %27, 2048 br i1 %28, label %1178, label %29 %30 = trunc i64 %0 to i16 %31 = icmp sgt i16 %30, -1 br i1 %31, label %40, label %32 %33 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %33, i64 0, i32 86 %35 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %34, align 64 %36 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %35, i64 0, i32 12 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 64 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %1178 br i1 %19, label %52, label %41 %42 = and i64 %0, 805306368 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %1178 %45 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %46 = tail call %struct.pid_namespace.39324* bitcast (%struct.pid_namespace.46156* (%struct.task_struct.46154*)* @task_active_pid_ns to %struct.pid_namespace.39324* (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %45) #69 %47 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %45, i64 0, i32 85 %48 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %47, align 8 %49 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %48, i64 0, i32 4 %50 = load %struct.pid_namespace.39324*, %struct.pid_namespace.39324** %49, align 8 %51 = icmp 
eq %struct.pid_namespace.39324* %46, %50 br i1 %51, label %52, label %1178 %53 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.multiprocess_signals, %struct.multiprocess_signals* %10, i64 0, i32 1 %55 = bitcast %struct.hlist_node* %54 to i8* %56 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %57 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 87 %58 = bitcast %struct.multiprocess_signals* %10 to i8* %59 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %60 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %59, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %60) #69 br i1 %19, label %61, label %75 call void @recalc_sigpending() #69 %76 = load %struct.sighand_struct*, %struct.sighand_struct** %57, align 8 %77 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %76, i64 0, i32 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %78 = bitcast %struct.spinlock* %77 to i8* store volatile i8 0, i8* %78, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %79 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %56, i64 0, i32 0, i32 0 %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 4 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %1156 %84 = icmp eq i32 %7, -1 br i1 %84, label %85, label %87 %86 = call i32 bitcast (i32 (%struct.task_struct.46968*)* @tsk_fork_get_node to i32 
(%struct.task_struct.39605*)*)(%struct.task_struct.39605* %56) #69 br label %87 %88 = phi i32 [ %86, %85 ], [ %7, %83 ] %89 = load %struct.kmem_cache*, %struct.kmem_cache** @task_struct_cachep, align 8 %90 = call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %89, i32 6291648, i32 %88) #69 %91 = bitcast i8* %90 to %struct.task_struct.39605* %92 = icmp eq i8* %90, null br i1 %92, label %1156, label %93 %94 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !8 %95 = icmp eq %struct.vm_struct.39597* %94, null br i1 %95, label %96, label %99 %97 = call %struct.vm_struct.39597* asm "\0A\09mov %gs:$1,%rax\0A1:\09cmpxchgq $2, %gs:$1\0A\09jnz 1b", "=&{ax},=*m,r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1), %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !8 %98 = icmp eq %struct.vm_struct.39597* %97, null br i1 %98, label %119, label %99 %120 = load i64, i64* @vmalloc_base, align 8 %121 = add i64 %120, 35184372088831 %122 = load i64, i64* @__default_kernel_pte_mask, align 8 %123 = and i64 %122, -9223372036854775453 %125 = call i8* @__vmalloc_node_range(i64 16384, i64 16384, i64 %120, i64 %121, i32 7372992, i64 %123, i64 0, i32 %88, i8* %124) #69 %126 = icmp eq i8* %125, null br i1 %126, label %117, label %111 %118 = bitcast i8* %125 to i64* br label 
%127 %128 = phi i64* [ %110, %99 ], [ %118, %117 ] %129 = icmp eq i64* %128, null br i1 %129, label %164, label %130 %131 = getelementptr inbounds i8, i8* %90, i64 2368 %132 = bitcast i8* %131 to %struct.vm_struct.39597** %133 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %134 = call i32 bitcast (i32 (%struct.task_struct.18491*, %struct.task_struct.18491*)* @arch_dup_task_struct to i32 (%struct.task_struct.39605*, %struct.task_struct.39605*)*)(%struct.task_struct.39605* nonnull %91, %struct.task_struct.39605* %56) #69 %135 = getelementptr inbounds i8, i8* %90, i64 24 %136 = bitcast i8* %135 to i8** %137 = bitcast i8* %135 to i64** store i64* %128, i64** %137, align 8 store %struct.vm_struct.39597* %133, %struct.vm_struct.39597** %132, align 64 %138 = getelementptr inbounds i8, i8* %90, i64 2376 %139 = bitcast i8* %138 to i32* store volatile i32 1, i32* %139, align 8 %140 = icmp eq i32 %134, 0 %141 = ptrtoint i64* %128 to i64 br i1 %140, label %166, label %142 %143 = icmp eq %struct.vm_struct.39597* %133, null br i1 %143, label %151, label %144 %145 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0), %struct.vm_struct.39597* nonnull %133, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 0)) #6, !srcloc !9 %146 = icmp eq %struct.vm_struct.39597* %145, null br i1 %146, label %164, label %147 %148 = load %struct.vm_struct.39597*, %struct.vm_struct.39597** %132, align 64 %149 = call %struct.vm_struct.39597* asm "cmpxchgq $2, %gs:$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(%struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, 
i64 0, i64 1), %struct.vm_struct.39597* %148, %struct.vm_struct.39597* null, %struct.vm_struct.39597** getelementptr inbounds ([2 x %struct.vm_struct.39597*], [2 x %struct.vm_struct.39597*]* @cached_stacks, i64 0, i64 1)) #6, !srcloc !9 %150 = icmp eq %struct.vm_struct.39597* %149, null br i1 %150, label %164, label %162 %163 = load i8*, i8** %136, align 8 call void @vfree_atomic(i8* %163) #69 Function:vfree_atomic %2 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !4 %3 = and i32 %2, 1048576 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = icmp eq i8* %0, null br i1 %7, label %18, label %8 %9 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.vfree_deferred* nonnull @vfree_deferred) #6, !srcloc !9 %10 = inttoptr i64 %9 to %struct.vfree_deferred* %11 = bitcast i8* %0 to %struct.llist_node* %12 = getelementptr inbounds %struct.vfree_deferred, %struct.vfree_deferred* %10, i64 0, i32 0 %13 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* nonnull %11, %struct.llist_node* nonnull %11, %struct.llist_node* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 ksys_dup 2 __ia32_sys_dup ------------- Path:  Function:__ia32_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i32 @ksys_dup(i32 %4) #69 Function:ksys_dup %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable.120764** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable.120764* %9 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %58, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable.120764* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %16, i64 0, i32 1 %18 = load %struct.file.120508**, %struct.file.120508*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.120508*, %struct.file.120508** %18, i64 %23 %25 = bitcast %struct.file.120508** %24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.120508* %28 = icmp eq i64 %26, 0 br i1 %28, label %58, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 
%37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable.120764* %46 = icmp eq %struct.fdtable.120764* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.120508* %50 = icmp eq %struct.file.120508* %49, %27 br i1 %50, label %59, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, 
%struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 ksys_dup 2 __x64_sys_dup ------------- Path:  Function:__x64_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i32 @ksys_dup(i32 %4) #69 Function:ksys_dup %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable.120764** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable.120764* %9 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %58, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable.120764* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %16, i64 0, i32 1 %18 = load %struct.file.120508**, %struct.file.120508*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.120508*, %struct.file.120508** %18, i64 %23 %25 = bitcast %struct.file.120508** 
%24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.120508* %28 = icmp eq i64 %26, 0 br i1 %28, label %58, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable.120764* %46 = icmp eq %struct.fdtable.120764* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.120508* %50 = icmp eq %struct.file.120508* %49, %27 br i1 %50, label %59, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 kcompat_sys_fstatfs64 3 __ia32_compat_sys_fstatfs64 ------------- Path:  Function:__ia32_compat_sys_fstatfs64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.compat_statfs64* %12 = tail call i32 @kcompat_sys_fstatfs64(i32 %9, i32 %10, %struct.compat_statfs64* %11) #69 Function:kcompat_sys_fstatfs64 %4 = alloca %struct.compat_statfs64, align 4 %5 = alloca %struct.kstatfs, align 8 %6 = bitcast %struct.kstatfs* %5 to i8* %7 = icmp eq i32 %1, 84 br i1 %7, label %8, label %75 %9 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds 
%struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm 
sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_compat_sys_fstatfs ------------- Path:  Function:__ia32_compat_sys_fstatfs %2 = alloca %struct.compat_statfs, align 4 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = 
getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label 
%67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD 
PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstatfs64 ------------- Path:  Function:__ia32_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = bitcast %struct.kstatfs* %3 to i8* %13 = icmp eq i64 %8, 120 br i1 %13, label %14, label %37 %15 = trunc i64 %5 to i32 %16 = tail call i64 @__fdget_raw(i32 %15) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 
%39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to 
void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstatfs64 ------------- Path:  Function:__x64_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast %struct.kstatfs* %3 to i8* %12 = icmp eq i64 %7, 120 br i1 %12, label %13, label %35 %14 = trunc i64 %5 to i32 %15 = tail call i64 @__fdget_raw(i32 %14) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = 
getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 
= icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstatfs ------------- Path:  Function:__ia32_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = 
getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 
2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstatfs ------------- Path:  Function:__x64_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = 
icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label 
%83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fchdir ------------- Path:  Function:__x64_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds 
%struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm 
sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fchdir ------------- Path:  Function:__ia32_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds 
%struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 
%73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 vfs_statx_fd 3 __ia32_compat_sys_x86_fstat64 ------------- Path:  Function:__ia32_compat_sys_x86_fstat64 %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 
= load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_statx_fd(i32 %7, %struct.kstat* nonnull %2, i32 2047, i32 0) #69 Function:vfs_statx_fd %5 = and i32 %3, -24577 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %18 %8 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm 
sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstat ------------- Path:  Function:__x64_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.__old_kernel_stat** %7 = load %struct.__old_kernel_stat*, %struct.__old_kernel_stat** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kstat* %2 to i8* %10 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 
%56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = 
icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstat ------------- Path:  Function:__ia32_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.__old_kernel_stat* %10 = bitcast %struct.kstat* %2 to i8* %11 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = 
load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq 
%struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_newfstat 3 __ia32_sys_newfstat ------------- Path:  Function:__ia32_sys_newfstat 
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_newfstat(i64 %4, i64 %7) #69 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i64 @__fdget_raw(i32 %5) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load 
%struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, 
i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_newfstat 3 __x64_sys_newfstat ------------- Path:  Function:__x64_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_newfstat(i64 %3, i64 %5) #69 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i64 @__fdget_raw(i32 %5) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds 
%struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm 
sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_compat_sys_newfstat ------------- Path:  Function:__ia32_compat_sys_newfstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_stat* %10 = bitcast %struct.kstat* %2 to i8* %11 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = 
getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label 
%67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD 
PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_fcntl 3 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, 
%36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void 
(%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_fcntl 3 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 
@__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = 
bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call 
%struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 do_compat_fcntl64 3 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.compat_flock, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.compat_flock, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.compat_flock, align 4 %10 = alloca 
%struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr 
i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 do_compat_fcntl64 3 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.compat_flock, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.compat_flock, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.compat_flock, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable.120764** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable.120764* %33 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable.120764* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %40, i64 0, i32 1 %42 = load %struct.file.120508**, %struct.file.120508*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.120508*, %struct.file.120508** %42, i64 %47 %49 = bitcast %struct.file.120508** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.120508* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds 
%struct.file.120508, %struct.file.120508* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable.120764* %70 = icmp eq %struct.fdtable.120764* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.120508* %74 = icmp eq %struct.file.120508* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm 
sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __x64_sys_lseek ------------- Path:  Function:__x64_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call 
%struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 
%36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** 
@current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_sys_lseek ------------- Path:  Function:__ia32_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 
%37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, 
%struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_lseek ------------- Path:  Function:__ia32_compat_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = shl i64 %5, 32 %11 = ashr exact i64 %10, 32 %12 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds 
%struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr 
i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, 
i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_llseek 4 __ia32_sys_llseek ------------- Path:  Function:__ia32_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_llseek(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 
Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi 
%struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* 
%58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_llseek 4 __x64_sys_llseek ------------- Path:  Function:__x64_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_llseek(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast 
%struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* 
%38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_read 4 __ia32_sys_read ------------- Path:  Function:__ia32_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_read(i32 %10, i8* %11, i64 %9) #69 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load 
%struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 
%44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds 
%struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_read 4 __x64_sys_read ------------- Path:  Function:__x64_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_read(i32 %9, i8* %6, i64 %8) #69 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, 
%struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl 
%gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_write 4 __ia32_sys_write ------------- Path:  Function:__ia32_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_write(i32 %10, i8* %11, i64 %9) #69 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = 
icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = 
getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call 
%struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_write 4 __x64_sys_write ------------- Path:  Function:__x64_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_write(i32 %9, i8* %6, i64 %8) #69 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load 
%struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = 
bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* 
output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __x64_sys_preadv2 ------------- Path:  Function:__x64_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail 
call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label 
%68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br 
i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __ia32_sys_readv ------------- Path:  Function:__ia32_sys_readv %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, 
$1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __x64_sys_readv ------------- Path:  Function:__x64_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, 
i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __x64_sys_pwritev2 ------------- Path:  Function:__x64_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", 
"=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = 
getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __ia32_sys_writev ------------- Path:  Function:__ia32_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc 
i64 @do_writev(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof 
!6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, 
label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __x64_sys_writev ------------- Path:  Function:__x64_sys_writev %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, 
%struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 
%24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_readv ------------- Path:  Function:__ia32_compat_sys_readv %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %7 to i32 %13 = tail call i64 @__fdget_pos(i32 %12) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 
0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = 
add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds 
%struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = trunc i64 %11 to i32 %25 = inttoptr i64 %14 to %struct.util_est* %26 = trunc i64 %16 to i32 %27 = trunc i64 %23 to i32 %28 = shl i64 %21, 32 %29 = or i64 %28, %19 %30 = icmp eq i64 %29, -1 br i1 %30, label %31, label %78 %32 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail 
call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) 
#69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_writev ------------- Path:  Function:__ia32_compat_sys_writev %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 
Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load 
%struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, 
i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %8 to %struct.util_est* %21 = trunc i64 %18 to i32 %22 = shl i64 %16, 32 %23 = or i64 %22, %14 %24 = icmp eq i64 %23, -1 br i1 %24, label %25, label %49 %26 = tail call i64 @__fdget_pos(i32 %19) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* 
output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label 
%23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __x64_sys_old_readdir ------------- Path:  Function:__x64_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 
= getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, 
!prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_sys_old_readdir ------------- Path:  Function:__ia32_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 
= and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_getdents 4 __ia32_sys_getdents ------------- Path:  Function:__ia32_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = inttoptr i64 %1 to %struct.old_linux_dirent* %6 = trunc i64 %2 to i32 %7 = bitcast %struct.getdents_callback* %4 to i8* %8 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %5, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store %struct.old_linux_dirent* null, %struct.old_linux_dirent** %12, 
align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %6, i32* %13, align 8 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 4 %15 = and i64 %2, 4294967295 %16 = tail call %struct.task_struct.125251* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125251** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125251**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.125251, %struct.task_struct.125251* %16, i64 0, i32 161, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = add i64 %15, %1 %20 = icmp ult i64 %19, %15 %21 = icmp ugt i64 %19, %18 %22 = or i1 %20, %21 br i1 %22, label %57, label %23, !prof !5, !misexpect !6 %24 = trunc i64 %0 to i32 %25 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, 
%struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi 
i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 
%14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_getdents 4 __x64_sys_getdents ------------- Path:  Function:__x64_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = inttoptr i64 %1 to %struct.old_linux_dirent* %6 = trunc i64 %2 to i32 %7 = bitcast %struct.getdents_callback* %4 to i8* %8 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %5, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store 
%struct.old_linux_dirent* null, %struct.old_linux_dirent** %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %6, i32* %13, align 8 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 4 %15 = and i64 %2, 4294967295 %16 = tail call %struct.task_struct.125251* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125251** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125251**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.125251, %struct.task_struct.125251* %16, i64 0, i32 161, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = add i64 %15, %1 %20 = icmp ult i64 %19, %15 %21 = icmp ugt i64 %19, %18 %22 = or i1 %20, %21 br i1 %22, label %57, label %23, !prof !5, !misexpect !6 %24 = trunc i64 %0 to i32 %25 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr 
inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label 
%41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br 
i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_getdents64 4 __ia32_sys_getdents64 ------------- Path:  Function:__ia32_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.linux_dirent64* %11 = trunc i64 %8 to i32 %12 = tail call i32 @ksys_getdents64(i32 %9, %struct.linux_dirent64* %10, i32 %11) #69 Function:ksys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = bitcast %struct.getdents_callback64* %4 to i8* %6 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0 %7 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %8 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %1, %struct.linux_dirent64** %9, align 
8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store %struct.linux_dirent64* null, %struct.linux_dirent64** %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %2, i32* %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %12, align 4 %13 = zext i32 %2 to i64 %14 = tail call %struct.task_struct.125251* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125251** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125251**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.125251, %struct.task_struct.125251* %14, i64 0, i32 161, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = ptrtoint %struct.linux_dirent64* %1 to i64 %18 = add i64 %13, %17 %19 = icmp ult i64 %18, %13 %20 = icmp ugt i64 %18, %16 %21 = or i1 %19, %20 br i1 %21, label %53, label %22, !prof !5, !misexpect !6 %23 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 
%38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc 
!5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_getdents64 4 __x64_sys_getdents64 ------------- Path:  Function:__x64_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.linux_dirent64** %6 = load %struct.linux_dirent64*, %struct.linux_dirent64** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @ksys_getdents64(i32 %9, %struct.linux_dirent64* %6, i32 %10) #69 Function:ksys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = bitcast %struct.getdents_callback64* %4 to i8* %6 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0 %7 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %8 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 
1 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %1, %struct.linux_dirent64** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store %struct.linux_dirent64* null, %struct.linux_dirent64** %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %2, i32* %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %12, align 4 %13 = zext i32 %2 to i64 %14 = tail call %struct.task_struct.125251* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125251** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125251**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.125251, %struct.task_struct.125251* %14, i64 0, i32 161, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = ptrtoint %struct.linux_dirent64* %1 to i64 %18 = add i64 %13, %17 %19 = icmp ult i64 %18, %13 %20 = icmp ugt i64 %18, %16 %21 = or i1 %19, %20 br i1 %21, label %53, label %22, !prof !5, !misexpect !6 %23 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call 
fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, 
i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_old_readdir ------------- Path:  Function:__ia32_compat_sys_old_readdir %2 = alloca %struct.compat_readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, 
i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, 
label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 
0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_getdents ------------- Path:  Function:__ia32_compat_sys_getdents %2 = alloca %struct.compat_getdents_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %11 = trunc i64 %9 to i32 %12 = bitcast %struct.compat_getdents_callback* %2 to i8* %13 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0 %14 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @compat_filldir, i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)** %14, align 8 %15 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 1 store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 1 store %struct.compat_old_linux_dirent* %10, %struct.compat_old_linux_dirent** %16, align 8 %17 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 2 store %struct.compat_old_linux_dirent* null, %struct.compat_old_linux_dirent** %17, align 8 %18 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 3 store i32 %11, i32* %18, align 8 %19 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = tail call %struct.task_struct.125251* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125251** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.125251**)) #10, !srcloc !4 %21 = getelementptr inbounds %struct.task_struct.125251, %struct.task_struct.125251* %20, i64 0, i32 161, i32 17, i32 0 %22 = load i64, i64* %21, align 8 %23 = and i64 %9, 4294967295 %24 = add nuw nsw i64 %23, %7 %25 = icmp ugt i64 %24, %22 br i1 %25, label %60, label %26, !prof !5, !misexpect !6 %27 = trunc i64 %4 to i32 %28 = tail call i64 @__fdget_pos(i32 %27) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 %5 = getelementptr 
inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = 
inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 proc_ns_fget 4 __se_sys_setns 5 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %6 = tail call %struct.file.45918* bitcast (%struct.file.132813* (i32)* @proc_ns_fget 
to %struct.file.45918* (i32)*)(i32 %3) #69 Function:proc_ns_fget %2 = tail call %struct.file.132813* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.132813* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* 
%28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 proc_ns_fget 4 __se_sys_setns 5 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.46154* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.46154** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.46154**)) #10, !srcloc !4 %6 = tail call %struct.file.45918* bitcast (%struct.file.132813* (i32)* @proc_ns_fget to %struct.file.45918* (i32)*)(i32 %3) #69 
Function:proc_ns_fget %2 = tail call %struct.file.132813* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.132813* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to 
%struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* 
%4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_getsockopt 5 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull 
%10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, 
i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %208 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %209 = load i32, i32* %208, align 8 %210 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %211 = load i32, i32* %210, align 4 %212 = zext i32 %211 to i64 %213 = inttoptr i64 %212 to i8* %214 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 4 %215 = load i32, i32* %214, align 16 %216 = zext i32 %215 to i64 %217 = inttoptr i64 %216 to i32* %218 = call fastcc i32 @__compat_sys_getsockopt(i32 %90, i32 %92, i32 %209, i8* %213, i32* %217) #69 Function:__compat_sys_getsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 Function:sockfd_lookup %3 = tail call %struct.file.230059* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.230059* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget 
%4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq 
i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast 
(%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_getsockopt 5 __ia32_compat_sys_getsockopt ------------- Path:  Function:__ia32_compat_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__compat_sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__compat_sys_getsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = call 
%struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 Function:sockfd_lookup %3 = tail call %struct.file.230059* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.230059* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = 
load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_setsockopt 5 __ia32_compat_sys_setsockopt ------------- Path:  Function:__ia32_compat_sys_setsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %10 to i8* %17 = 
trunc i64 %12 to i32 %18 = tail call fastcc i32 @__compat_sys_setsockopt(i32 %13, i32 %14, i32 %15, i8* %16, i32 %17) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 %8 = alloca %struct.sock_fprog_kern, align 8 %9 = alloca i32, align 4 %10 = bitcast i32* %9 to i8* %11 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %9) #69 Function:sockfd_lookup %3 = tail call %struct.file.230059* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.230059* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to 
i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull 
%30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 
4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct.111411*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.111694* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.111694* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = 
getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, 
!prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct.111411*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.111694* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.111694* (i32)*)(i32 %11) #69 Function:fget %2 
= tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, 
%struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct.111411*, align 8 %8 = and i64 %3, 32 %9 = icmp eq 
i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.111694* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.111694* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds 
%struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, 
!prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct.111411*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.111694* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.111694* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds 
%struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof 
!9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, 
label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_compat_sys_x86_mmap ------------- Path:  Function:__ia32_compat_sys_x86_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 
%29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct.111411*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %13, i64 0, i32 96 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 32 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.111694* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.111694* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load 
i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 
to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 lo_ioctl 4 lo_compat_ioctl ------------- 
Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %17 = trunc i64 %3 to i32 tail call void bitcast (void (%struct.module.39677*)* @__module_get to void (%struct.module.464189*)*)(%struct.module.464189* null) #69 %18 = tail call 
%struct.file.464164* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.464164* (i32)*)(i32 %17) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 
0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = 
icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %17 = trunc i64 %3 to i32 
tail call void bitcast (void (%struct.module.39677*)* @__module_get to void (%struct.module.464189*)*)(%struct.module.464189* null) #69 %18 = tail call %struct.file.464164* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.464164* (i32)*)(i32 %17) #69 Function:fget %2 = tail call fastcc %struct.file.120508* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %4, i64 0, i32 84 %6 = load %struct.files_struct.120765*, %struct.files_struct.120765** %5, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable.120764** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable.120764* %11 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable.120764* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %19, i64 0, i32 1 %21 = load %struct.file.120508**, %struct.file.120508*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.120508*, %struct.file.120508** %21, i64 %26 %28 = 
bitcast %struct.file.120508** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.120508* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable.120764* %54 = icmp eq %struct.fdtable.120764* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.120508* %58 = icmp eq %struct.file.120508* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* 
output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 fget_raw 2 __scm_send 3 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie.609108, align 8 %5 = getelementptr inbounds %struct.socket.224988, %struct.socket.224988* %0, i64 0, i32 5 %6 = load %struct.sock.224990*, %struct.sock.224990** %5, align 8 %7 = bitcast %struct.sock.224990* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr.224711* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie.609108* %4 to i8* %11 = getelementptr inbounds %struct.msghdr.224711, %struct.msghdr.224711* %1, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %170 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds 
%struct.scm_cookie.609108, %struct.scm_cookie.609108* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie.609108, %struct.scm_cookie.609108* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %24, i64 0, i32 86 %26 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %25, align 64 %27 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %26, i64 0, i32 22, i64 1 %28 = load %struct.pid.224670*, %struct.pid.224670** %27, align 8 %29 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %24, i64 0, i32 78 %30 = load %struct.cred.224685*, %struct.cred.224685** %29, align 16 %31 = getelementptr inbounds %struct.cred.224685, %struct.cred.224685* %30, i64 0, i32 1, i32 0 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.cred.224685, %struct.cred.224685* %30, i64 0, i32 2, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq %struct.pid.224670* %28, null br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.pid.224670, %struct.pid.224670* %28, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32* %37) #6, !srcloc !5 br label %38 %39 = getelementptr inbounds %struct.scm_cookie.609108, %struct.scm_cookie.609108* %4, i64 0, i32 0 store %struct.pid.224670* %28, %struct.pid.224670** %39, align 8 %40 = tail call i32 bitcast (i32 (%struct.pid.45783*)* @pid_vnr to i32 (%struct.pid.224670*)*)(%struct.pid.224670* %28) #70 %41 = 
getelementptr inbounds %struct.scm_cookie.609108, %struct.scm_cookie.609108* %4, i64 0, i32 2, i32 0 store i32 %40, i32* %41, align 8 store i32 %32, i32* %22, align 4 store i32 %34, i32* %23, align 8 %42 = getelementptr inbounds %struct.scm_cookie.609108, %struct.scm_cookie.609108* %4, i64 0, i32 3 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.sk_buff*, i32*)* @security_socket_getpeersec_dgram to i32 (%struct.socket.224988*, %struct.sk_buff.224955*, i32*)*)(%struct.socket.224988* %0, %struct.sk_buff.224955* null, i32* %42) #70 %44 = getelementptr inbounds %struct.msghdr.224711, %struct.msghdr.224711* %1, i64 0, i32 4 %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %50, label %47 %48 = call i32 bitcast (i32 (%struct.socket.230347*, %struct.msghdr.230061*, %struct.scm_cookie*)* @__scm_send to i32 (%struct.socket.224988*, %struct.msghdr.224711*, %struct.scm_cookie.609108*)*)(%struct.socket.224988* %0, %struct.msghdr.224711* %1, %struct.scm_cookie.609108* nonnull %4) #70 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %197 %8 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 3 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %197, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 3 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 
0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %184, %182 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %195, %182 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %209 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %209, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %182 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %209 [ i32 1, label %41 i32 2, label %113 ] %42 = load %struct.proto_ops.230346*, %struct.proto_ops.230346** %19, align 8 %43 = icmp eq %struct.proto_ops.230346* %42, null br i1 %43, label %209, label %44 %45 = getelementptr inbounds %struct.proto_ops.230346, %struct.proto_ops.230346* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %209 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %182, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %209, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 6291648, i64 2040) #69 %63 = icmp eq i8* %62, null br i1 %63, label %209, label %64 %65 = bitcast i8* %62 to %struct.scm_fp_list* store i8* %62, i8** %21, align 8 %66 = bitcast i8* %62 to i16* store i16 0, i16* %66, align 8 %67 = getelementptr inbounds i8, i8* %62, i64 2 %68 = bitcast i8* %67 to i16* store i16 253, i16* %68, align 2 %69 = getelementptr inbounds i8, i8* %62, i64 8 %70 = bitcast i8* %69 to %struct.user_struct.230040** store %struct.user_struct.230040* null, %struct.user_struct.230040** %70, align 8 br label %71 %72 = phi %struct.scm_fp_list* [ %51, %58 ], [ %65, %64 ] %73 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 0 %74 = load i16, i16* %73, align 8 %75 = sext i16 %74 to i32 %76 = add nsw i32 %75, %54 %77 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 1 %78 = load i16, i16* %77, align 2 %79 = sext i16 %78 to i32 %80 = icmp sgt i32 %76, %79 br i1 %80, label %209, label %81 %82 = sext i16 %74 to i64 %83 = getelementptr %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 3, i64 %82 %84 = and i64 %53, 4294967295 br label %85 %86 = phi i64 [ 0, %81 ], [ %98, %94 ] %87 = phi %struct.file.230059** [ %83, %81 ], [ %95, %94 ] %88 = getelementptr i32, i32* %50, i64 %86 %89 = load i32, i32* %88, align 4 %90 = icmp slt i32 %89, 0 br i1 %90, label %209, label %91 %92 = tail call %struct.file.230059* bitcast (%struct.file.120508* (i32)* @fget_raw to %struct.file.230059* (i32)*)(i32 %89) #69 Function:fget_raw %2 = tail call %struct.task_struct.120847* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.120847** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.120847**)) #10, 
!srcloc !4 %3 = getelementptr inbounds %struct.task_struct.120847, %struct.task_struct.120847* %2, i64 0, i32 84 %4 = load %struct.files_struct.120765*, %struct.files_struct.120765** %3, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct.120765, %struct.files_struct.120765* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable.120764** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable.120764* %9 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %60, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable.120764* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable.120764, %struct.fdtable.120764* %16, i64 0, i32 1 %18 = load %struct.file.120508**, %struct.file.120508*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.120508*, %struct.file.120508** %18, i64 %23 %25 = bitcast %struct.file.120508** %24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.120508* %28 = icmp eq i64 %26, 0 br i1 %28, label %60, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable.120764* %46 = icmp eq %struct.fdtable.120764* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.120508* %50 = icmp eq %struct.file.120508* %49, %27 br i1 %50, label %58, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.121581*, i32)* @fput_many to void (%struct.file.120508*, i32)*)(%struct.file.120508* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.121581, %struct.file.121581* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.121484* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.121484** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.121484**)) #10, !srcloc !5 %10 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #6, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.121484, %struct.task_struct.121484* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br 
i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.121581* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Good: 2916 Bad: 236 Ignored: 6932 Check Use of Function:ida_free Use: =BAD PATH= Call Stack: 0 mnt_release_group_id 1 change_mnt_propagation 2 umount_tree 3 drop_collected_mounts 4 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.127974, %struct.ns_common.127974* %0, i64 -1, i32 2 %3 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = getelementptr inbounds i32, i32* %2, i64 8 %8 = bitcast i32* %7 to %struct.mount.127946** %9 = load %struct.mount.127946*, %struct.mount.127946** %8, align 8 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %9, i64 0, i32 3 tail call void @drop_collected_mounts(%struct.vfsmount.128217* %10) #69 Function:drop_collected_mounts %2 = alloca %struct.hlist_head, align 8 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.128081*)*)(%struct.rw_semaphore.128081* nonnull @namespace_sem) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @mount_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !4 %5 = getelementptr %struct.vfsmount.128217, %struct.vfsmount.128217* %0, i64 -2, i32 2 %6 = bitcast i32* %5 to %struct.mount.127946* tail call fastcc void @umount_tree(%struct.mount.127946* %6, i32 0) #70 Function:umount_tree %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = and i32 %1, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %10, label %9 %11 = icmp eq %struct.mount.127946* %0, null br i1 %11, label %12, label %15 %16 = bitcast %struct.list_head* %3 to i64* br label %17 %18 = phi %struct.mount.127946* [ %0, %15 ], [ %50, %47 ] %19 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 3, i32 2 %20 = load i32, i32* %19, align 8 %21 = or i32 %20, 134217728 store i32 %21, i32* %19, align 8 %22 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10 %23 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 10, i32 1 %24 = load %struct.list_head*, %struct.list_head** %23, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %26 = load %struct.list_head*, %struct.list_head** %25, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %24, %struct.list_head** %27, align 8 %28 = ptrtoint %struct.list_head* %26 to i64 %29 = bitcast %struct.list_head* %24 to i64* store volatile i64 %28, i64* %29, align 8 %30 = load %struct.list_head*, %struct.list_head** %5, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 1 store %struct.list_head* %22, %struct.list_head** %31, align 8 store %struct.list_head* %30, 
%struct.list_head** %25, align 8 store %struct.list_head* %3, %struct.list_head** %23, align 8 %32 = ptrtoint %struct.list_head* %22 to i64 store volatile i64 %32, i64* %16, align 8 %33 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %18, i64 0, i32 6 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %33 br i1 %36, label %37, label %47 %38 = phi %struct.mount.127946* [ %44, %40 ], [ %18, %17 ] %39 = icmp eq %struct.mount.127946* %38, %0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 7, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %38, i64 0, i32 1 %44 = load %struct.mount.127946*, %struct.mount.127946** %43, align 8 %45 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %44, i64 0, i32 6 %46 = icmp eq %struct.list_head* %42, %45 br i1 %46, label %37, label %47 %48 = phi %struct.list_head* [ %35, %17 ], [ %42, %40 ] %49 = getelementptr %struct.list_head, %struct.list_head* %48, i64 -6 %50 = bitcast %struct.list_head* %49 to %struct.mount.127946* %51 = icmp eq %struct.list_head* %49, null br i1 %51, label %54, label %17 %55 = bitcast %struct.list_head* %22 to i8* br label %56 %57 = phi i8* [ %14, %12 ], [ %53, %52 ], [ %55, %54 ] %58 = bitcast i8* %57 to %struct.list_head* %59 = icmp eq %struct.list_head* %3, %58 br i1 %59, label %78, label %60 %61 = phi i8* [ %75, %60 ], [ %57, %56 ] %62 = getelementptr i8, i8* %61, i64 -40 %63 = getelementptr i8, i8* %61, i64 -32 %64 = bitcast i8* %63 to %struct.list_head** %65 = load %struct.list_head*, %struct.list_head** %64, align 8 %66 = bitcast i8* %62 to %struct.list_head** %67 = load %struct.list_head*, %struct.list_head** %66, align 8 %68 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %67, i64 0, i32 1 store %struct.list_head* %65, %struct.list_head** %68, align 8 %69 = ptrtoint %struct.list_head* %67 to i64 %70 = bitcast %struct.list_head* %65 to i64* store volatile i64 %69, i64* %70, align 8 %71 = ptrtoint i8* %62 to i64 %72 = bitcast i8* %62 to i64* store volatile i64 %71, i64* %72, align 8 %73 = bitcast i8* %63 to i8** store i8* %62, i8** %73, align 8 %74 = bitcast i8* %61 to i8** %75 = load i8*, i8** %74, align 8 %76 = bitcast i8* %75 to %struct.list_head* %77 = icmp eq %struct.list_head* %3, %76 br i1 %77, label %78, label %60 br i1 %8, label %81, label %79 %82 = bitcast %struct.list_head* %3 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = inttoptr i64 %83 to %struct.list_head* %85 = icmp eq %struct.list_head* %3, %84 br i1 %85, label %212, label %86 %87 = and i32 %1, 1 %88 = icmp eq i32 %87, 0 %89 = and i32 %1, 4 %90 = icmp eq i32 %89, 0 br label %91 %92 = phi i64 [ %83, %86 ], [ %209, %208 ] %93 = inttoptr i64 %92 to i8* %94 = getelementptr i8, i8* %93, i64 -136 %95 = bitcast i8* %94 to %struct.mount.127946* %96 = getelementptr i8, i8* %93, i64 16 %97 = getelementptr i8, i8* %93, i64 24 %98 = bitcast i8* %97 to %struct.list_head** %99 = load %struct.list_head*, %struct.list_head** %98, align 8 %100 = bitcast i8* %96 to %struct.list_head** %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 1 store %struct.list_head* %99, %struct.list_head** %102, align 8 %103 = ptrtoint %struct.list_head* %101 to i64 %104 = bitcast %struct.list_head* %99 to i64* store volatile i64 %103, i64* %104, align 8 %105 = ptrtoint i8* %96 to i64 %106 = bitcast i8* %96 to i64* store volatile i64 %105, i64* %106, align 8 %107 = bitcast i8* %97 to i8** store i8* %96, i8** %107, align 8 %108 = getelementptr inbounds i8, i8* %93, i64 8 %109 = bitcast i8* %108 to %struct.list_head** %110 = load %struct.list_head*, %struct.list_head** %109, align 
8 %111 = inttoptr i64 %92 to %struct.list_head** %112 = load %struct.list_head*, %struct.list_head** %111, align 8 %113 = getelementptr inbounds %struct.list_head, %struct.list_head* %112, i64 0, i32 1 store %struct.list_head* %110, %struct.list_head** %113, align 8 %114 = ptrtoint %struct.list_head* %112 to i64 %115 = bitcast %struct.list_head* %110 to i64* store volatile i64 %114, i64* %115, align 8 %116 = inttoptr i64 %92 to i64* store volatile i64 %92, i64* %116, align 8 %117 = bitcast i8* %108 to i8** store i8* %93, i8** %117, align 8 %118 = getelementptr i8, i8* %93, i64 88 %119 = bitcast i8* %118 to %struct.mnt_namespace.127948** %120 = load %struct.mnt_namespace.127948*, %struct.mnt_namespace.127948** %119, align 8 %121 = icmp eq %struct.mnt_namespace.127948* %120, null br i1 %121, label %132, label %122 %123 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 9 %124 = load i32, i32* %123, align 8 %125 = add i32 %124, -1 store i32 %125, i32* %123, align 8 %126 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 8 %127 = load i64, i64* %126, align 8 %128 = load i64, i64* @event, align 8 %129 = icmp eq i64 %127, %128 br i1 %129, label %132, label %130 store i64 %128, i64* %126, align 8 %131 = getelementptr inbounds %struct.mnt_namespace.127948, %struct.mnt_namespace.127948* %120, i64 0, i32 7 call void @__wake_up(%struct.wait_queue_head* %131, i32 1, i32 1, i8* null) #69 br label %132 store %struct.mnt_namespace.127948* null, %struct.mnt_namespace.127948** %119, align 8 br i1 %88, label %141, label %133 %142 = getelementptr i8, i8* %93, i64 -120 %143 = bitcast i8* %142 to %struct.mount.127946** %144 = load %struct.mount.127946*, %struct.mount.127946** %143, align 8 %145 = icmp eq %struct.mount.127946* %144, %95 br i1 %145, label %156, label %146 %147 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3, i32 2 %148 = load i32, 
i32* %147, align 8 %149 = and i32 %148, 134217728 %150 = icmp eq i32 %149, 0 br i1 %150, label %156, label %151 br i1 %90, label %162, label %152 %153 = getelementptr i8, i8* %93, i64 168 %154 = bitcast i8* %153 to %struct.fs_pin* %155 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %144, i64 0, i32 3 br label %175 %176 = phi %struct.vfsmount.128217* [ %172, %171 ], [ %170, %162 ], [ %155, %152 ] %177 = phi %struct.mount.127946** [ %173, %171 ], [ %143, %162 ], [ %143, %152 ] %178 = phi %struct.fs_pin* [ %174, %171 ], [ %169, %162 ], [ %154, %152 ] %179 = phi i1 [ true, %171 ], [ false, %162 ], [ false, %152 ] %180 = phi %struct.hlist_head* [ @unmounted, %171 ], [ null, %162 ], [ null, %152 ] call void bitcast (void (%struct.fs_pin.132569*, %struct.vfsmount.132466*, %struct.hlist_head*)* @pin_insert_group to void (%struct.fs_pin*, %struct.vfsmount.128217*, %struct.hlist_head*)*)(%struct.fs_pin* %178, %struct.vfsmount.128217* %176, %struct.hlist_head* %180) #69 %181 = getelementptr i8, i8* %93, i64 -120 %182 = bitcast i8* %181 to %struct.mount.127946** %183 = load %struct.mount.127946*, %struct.mount.127946** %182, align 8 %184 = icmp eq %struct.mount.127946* %183, %95 br i1 %184, label %208, label %185 call void @change_mnt_propagation(%struct.mount.127946* %95, i32 262144) #69 Function:change_mnt_propagation %3 = icmp eq i32 %1, 1048576 br i1 %3, label %4, label %9 %10 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %0, i64 0, i32 12 %11 = bitcast %struct.list_head* %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.list_head* %14 = icmp eq %struct.list_head* %10, %13 br i1 %14, label %15, label %51 %16 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %0, i64 0, i32 3, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %23, label %20 tail call void @mnt_release_group_id(%struct.mount.127946* %0) #69 
Function:mnt_release_group_id %2 = getelementptr inbounds %struct.mount.127946, %struct.mount.127946* %0, i64 0, i32 23 %3 = load i32, i32* %2, align 8 tail call void @ida_free(%struct.ida* nonnull @mnt_group_ida, i32 %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.146593* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 %11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 
%16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr 
%struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds 
%struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %85 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %138, label %88 %89 = load i32, i32* %73, align 4 %90 = add i32 %89, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %90) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_readdir 2 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 bitcast (i32 (%struct.file.146593*, 
%struct.dir_context*)* @proc_readdir to i32 (%struct.file.146960*, %struct.dir_context*)*)(%struct.file.146960* %0, %struct.dir_context* %1) #69 Function:proc_readdir %3 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.146593* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 %11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast 
%struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds 
%struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %85 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %138, label %88 %89 = load i32, i32* %73, align 4 %90 = add i32 %89, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %90) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file.152824, %struct.file.152824* %0, i64 0, i32 2 %4 = load %struct.inode.152815*, %struct.inode.152815** %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr %struct.inode.152815, %struct.inode.152815* %4, i64 -1, i32 40, i32 12, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.pid** %7 = 
load %struct.pid*, %struct.pid** %6, align 8 %8 = tail call %struct.task_struct.152773* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.152773* (%struct.pid*, i32)*)(%struct.pid* %7, i32 0) #69 %9 = icmp eq %struct.task_struct.152773* %8, null br i1 %9, label %10, label %11 %12 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 0, i32 102, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 0, i32 85 %14 = load %struct.nsproxy.152721*, %struct.nsproxy.152721** %13, align 8 %15 = icmp eq %struct.nsproxy.152721* %14, null br i1 %15, label %20, label %16 %21 = phi %struct.net.152719* [ %18, %16 ], [ null, %11 ] %22 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 0, i32 102 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %23 = bitcast %struct.spinlock* %22 to i8* store volatile i8 0, i8* %23, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = icmp eq %struct.net.152719* %21, null br i1 %24, label %34, label %25 %26 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %21, i64 0, i32 13 %27 = load %struct.proc_dir_entry.152614*, %struct.proc_dir_entry.152614** %26, align 8 %28 = tail call i32 bitcast (i32 (%struct.file.146593*, %struct.dir_context*, %struct.proc_dir_entry*)* @proc_readdir_de to i32 (%struct.file.152824*, %struct.dir_context*, %struct.proc_dir_entry.152614*)*)(%struct.file.152824* %0, %struct.dir_context* %1, %struct.proc_dir_entry.152614* %27) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 
0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 %11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = 
load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long 
(112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %85 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - 
.\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %138, label %88 %89 = load i32, i32* %73, align 4 %90 = add i32 %89, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %90) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.146593* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 %11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = 
getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, 
%3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* 
@proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %106 = load i64, i64* %4, align 8 %107 = add i64 %106, 1 store i64 %107, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %108 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %109 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %108) #69 %110 = icmp eq %struct.rb_node* %109, null %111 = getelementptr %struct.rb_node, %struct.rb_node* %109, i64 -6, i32 1 %112 = bitcast %struct.rb_node** %111 to %struct.proc_dir_entry* %113 = select i1 %110, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %112 %114 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - 
.\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %115 = and i8 %114, 1 %116 = icmp eq i8 %115, 0 br i1 %116, label %134, label %117 %118 = load i32, i32* %73, align 4 %119 = add i32 %118, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %119) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_readdir 2 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 bitcast (i32 (%struct.file.146593*, %struct.dir_context*)* @proc_readdir to i32 (%struct.file.146960*, %struct.dir_context*)*)(%struct.file.146960* %0, %struct.dir_context* %1) #69 Function:proc_readdir %3 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %4 = load %struct.inode.146664*, %struct.inode.146664** %3, align 8 %5 = getelementptr %struct.inode.146664, %struct.inode.146664* %4, i64 -1, i32 40, i32 12, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 3 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry** %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.146593* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 %11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast 
%struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", 
"=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %106 = load i64, i64* %4, align 8 %107 = add i64 %106, 1 store i64 %107, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %108 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %109 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %108) #69 %110 = icmp eq %struct.rb_node* %109, null %111 = getelementptr 
%struct.rb_node, %struct.rb_node* %109, i64 -6, i32 1 %112 = bitcast %struct.rb_node** %111 to %struct.proc_dir_entry* %113 = select i1 %110, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %112 %114 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %115 = and i8 %114, 1 %116 = icmp eq i8 %115, 0 br i1 %116, label %134, label %117 %118 = load i32, i32* %73, align 4 %119 = add i32 %118, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %119) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_readdir_de 1 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file.152824, %struct.file.152824* %0, i64 0, i32 2 %4 = load %struct.inode.152815*, %struct.inode.152815** %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr %struct.inode.152815, %struct.inode.152815* %4, i64 -1, i32 40, i32 12, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.pid** %7 = load %struct.pid*, %struct.pid** %6, align 8 %8 = tail call %struct.task_struct.152773* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.152773* (%struct.pid*, i32)*)(%struct.pid* %7, i32 0) #69 %9 = icmp eq %struct.task_struct.152773* %8, null br i1 %9, label %10, label %11 %12 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 
0, i32 102, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 0, i32 85 %14 = load %struct.nsproxy.152721*, %struct.nsproxy.152721** %13, align 8 %15 = icmp eq %struct.nsproxy.152721* %14, null br i1 %15, label %20, label %16 %21 = phi %struct.net.152719* [ %18, %16 ], [ null, %11 ] %22 = getelementptr inbounds %struct.task_struct.152773, %struct.task_struct.152773* %8, i64 0, i32 102 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %23 = bitcast %struct.spinlock* %22 to i8* store volatile i8 0, i8* %23, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = icmp eq %struct.net.152719* %21, null br i1 %24, label %34, label %25 %26 = getelementptr inbounds %struct.net.152719, %struct.net.152719* %21, i64 0, i32 13 %27 = load %struct.proc_dir_entry.152614*, %struct.proc_dir_entry.152614** %26, align 8 %28 = tail call i32 bitcast (i32 (%struct.file.146593*, %struct.dir_context*, %struct.proc_dir_entry*)* @proc_readdir_de to i32 (%struct.file.152824*, %struct.dir_context*, %struct.proc_dir_entry.152614*)*)(%struct.file.152824* %0, %struct.dir_context* %1, %struct.proc_dir_entry.152614* %27) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.146668*, %struct.dentry.146668** %9, align 8 
%11 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %10, i64 0, i32 5 %12 = load %struct.inode.146664*, %struct.inode.146664** %11, align 8 %13 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.16141, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %138 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.146668*, %struct.dentry.146668** %21, align 8 %23 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %22, i64 0, i32 3 %26 = load %struct.dentry.146668*, %struct.dentry.146668** %25, align 8 %27 = getelementptr inbounds %struct.dentry.146668, %struct.dentry.146668* %26, i64 0, i32 5 %28 = load %struct.inode.146664*, %struct.inode.146664** %27, align 8 %29 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.16142, i64 0, i64 0), 
i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %138 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %113, %134 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A", "=*m,*m,~{cc},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !8 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds 
(%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %68 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %69 = load i8*, i8** %68, align 8 %70 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 22 %71 = load i8, i8* %70, align 2 %72 = zext i8 %71 to i32 %73 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %74 = load i32, i32* %73, align 4 %75 = zext i32 %74 to i64 %76 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %77 = load i16, i16* %76, align 8 %78 = lshr i16 %77, 12 %79 = zext i16 %78 to i32 %80 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %81 = load i64, i64* %4, align 8 %82 = tail call i32 %80(%struct.dir_context* %1, i8* %69, i32 %72, i64 %81, i64 %75, i32 %79) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %105, label %84 %106 = load i64, i64* %4, align 8 %107 = add i64 %106, 1 store i64 %107, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %108 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %109 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %108) #69 %110 = icmp eq %struct.rb_node* %109, null %111 = getelementptr %struct.rb_node, %struct.rb_node* %109, i64 -6, i32 1 %112 = bitcast %struct.rb_node** %111 to %struct.proc_dir_entry* %113 = select i1 %110, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %112 %114 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32* %66) #6, !srcloc !9 %115 = and i8 %114, 1 %116 = icmp eq i8 %115, 0 br i1 %116, label %134, label %117 %118 = load i32, i32* %73, align 4 %119 = add i32 %118, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %119) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, 
%struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 2, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %117 %11 = icmp eq %struct.rpc_cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.198674* %2, null br i1 %14, label %71, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %71, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.198674, %struct.nfs_lock_context.198674* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.198674, %struct.nfs_lock_context.198674* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.198681*, %struct.nfs_open_context.198681** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.198681, %struct.nfs_open_context.198681* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %27) #69 %28 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.198705** %30 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %66, label %33 %67 = phi %struct.nfs4_lock_state.198705* [ %47, %59 ], [ %47, %55 ], [ %47, %49 ], [ null, %46 ], [ null, %19 ] %68 = phi i1 [ false, %59 ], [ false, %55 ], [ true, %49 ], [ false, %46 ], [ false, %19 ] %69 = phi i32 [ 0, %59 ], [ -2, %55 ], [ -5, %49 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %70 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %70, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.198705* %67) #69 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.198705* %0, null br i1 %2, label %48, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%union.anon.21* %6, %struct.spinlock* %7) #69 br i1 %8, label %9, label %48 %10 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.198705, 
%struct.nfs4_lock_state.198705* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %10, align 8 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 2 %18 = bitcast %struct.list_head* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = inttoptr i64 %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %22, label %25 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %26, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 3 %28 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %28, i64 0, i32 0 %30 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 2 %32 = load volatile i64, i64* %31, align 8 %33 = and i64 %32, 1 %34 = icmp eq i64 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %30, i64 0, i32 44 %44 = getelementptr inbounds %struct.nfs4_lock_state.198705, 
%struct.nfs4_lock_state.198705* %0, i64 0, i32 3, i32 1 %45 = load i32, i32* %44, align 8 tail call void @ida_free(%struct.ida* %43, i32 %45) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 22, i32 0, i32 0 %5 = load %struct.nfs4_slot.197116*, %struct.nfs4_slot.197116** %4, align 8 %6 = icmp eq %struct.nfs4_slot.197116* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 2 %22 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.197148, %struct.nfs_pgio_header.197148* %1, i64 0, i32 21, i32 3 %24 = load %struct.nfs_lock_context.197128*, %struct.nfs_lock_context.197128** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %22, i64 0, i32 4 %27 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, 
%struct.rpc_cred**)*)(%struct.nfs4_state.197134* %27, i32 1, %struct.nfs_lock_context.197128* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.rpc_cred** null) #69 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %117 %11 = icmp eq %struct.rpc_cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.198674* %2, null br i1 %14, label %71, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %71, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.198674, %struct.nfs_lock_context.198674* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.198674, %struct.nfs_lock_context.198674* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.198681*, %struct.nfs_open_context.198681** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.198681, %struct.nfs_open_context.198681* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #69 %28 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.198705** %30 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %66, label %33 %67 = phi %struct.nfs4_lock_state.198705* [ %47, %59 ], [ %47, %55 ], [ %47, %49 ], [ null, %46 ], [ 
null, %19 ] %68 = phi i1 [ false, %59 ], [ false, %55 ], [ true, %49 ], [ false, %46 ], [ false, %19 ] %69 = phi i32 [ 0, %59 ], [ -2, %55 ], [ -5, %49 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %70 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %70, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.198705* %67) #69 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.198705* %0, null br i1 %2, label %48, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.198680*, %struct.nfs4_state.198680** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%union.anon.21* %6, %struct.spinlock* %7) #69 br i1 %8, label %9, label %48 %10 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), 
%struct.list_head** %10, align 8 %17 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 2 %18 = bitcast %struct.list_head* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = inttoptr i64 %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %22, label %25 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %26, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %5, i64 0, i32 3 %28 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %28, i64 0, i32 0 %30 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 2 %32 = load volatile i64, i64* %31, align 8 %33 = and i64 %32, 1 %34 = icmp eq i64 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %30, i64 0, i32 44 %44 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %0, i64 0, i32 3, i32 1 %45 = load i32, i32* %44, align 8 tail call void @ida_free(%struct.ida* %43, i32 %45) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_getlk 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.197135** %7 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %6, align 8 %8 = getelementptr inbounds 
%struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %7, i64 0, i32 4 %9 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %12 = icmp eq %struct.nfs4_state.197134* %9, null br i1 %12, label %137, label %13 %14 = tail call fastcc i32 @nfs4_proc_getlk(%struct.nfs4_state.197134* nonnull %9, %struct.file_lock.592* %2) #69 Function:nfs4_proc_getlk %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs_lockt_args, align 8 %6 = alloca %struct.nfs_lockt_res, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 4 %11 = bitcast %struct.nfs_lockt_args* %5 to i8* %12 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 1 %13 = bitcast %struct.nfs_fh** %12 to i64** %14 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 1 %16 = bitcast i64* %15 to i8* %17 = bitcast %struct.nfs_lockt_res* %6 to i8* %18 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 1 %19 = bitcast %struct.rpc_message* %7 to i8* %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.nfs_lockt_args** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %24 = bitcast i8** %23 to %struct.nfs_lockt_res** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %26 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 3 
%27 = bitcast %struct.rpc_cred** %25 to i64* %28 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 0 %29 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0 %30 = getelementptr inbounds %struct.file_lock.592, %struct.file_lock.592* %1, i64 0, i32 18 %31 = bitcast %union.anon.61* %30 to %struct.nfs4_lock_state.197163** %32 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 2 %33 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %50 = bitcast i8** %49 to 
%struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.file_lock.592, %struct.file_lock.592* %1, i64 0, i32 6 %55 = getelementptr inbounds %struct.file_lock.592, %struct.file_lock.592* %1, i64 0, i32 16 %56 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %57 %58 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %59 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %58, i64 0, i32 8 %60 = load %struct.super_block.720*, %struct.super_block.720** %59, align 8 %61 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %60, i64 0, i32 30 %62 = bitcast i8** %61 to %struct.nfs_server.197100** %63 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %62, align 64 %64 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %63, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 %66 = getelementptr %struct.inode.733, %struct.inode.733* %58, i64 -1, i32 16, i32 1 store i64* %66, i64** %13, align 8 store %struct.file_lock.592* %1, %struct.file_lock.592** %14, align 8 store %struct.file_lock.592* %1, %struct.file_lock.592** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 15), %struct.rpc_procinfo** %20, align 8 store %struct.nfs_lockt_args* %5, %struct.nfs_lockt_args** %22, align 8 store %struct.nfs_lockt_res* %6, %struct.nfs_lockt_res** %24, align 8 %67 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %26, align 8 %68 = 
getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %67, i64 0, i32 4 %69 = bitcast %struct.rpc_cred** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %27, align 8 %71 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 18 %72 = load i64, i64* %71, align 8 store i64 %72, i64* %28, align 8 %73 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, %struct.file_lock.592*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.197134*, %struct.file_lock.592*)*)(%struct.nfs4_state.197134* %0, %struct.file_lock.592* %1) #69 %112 = phi i32 [ %73, %57 ], [ %107, %106 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_get_lock to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_getlk, %113)) #6 to label %135 [label %113], !srcloc !4 %136 = load %struct.inode.733*, %struct.inode.733** %10, align 8 %137 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %136, i64 0, i32 8 %138 = load %struct.super_block.720*, %struct.super_block.720** %137, align 8 %139 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %138, i64 0, i32 30 %140 = bitcast i8** %139 to %struct.nfs_server.197100** %141 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %140, align 64 %142 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %141, i32 %112, %struct.nfs4_exception* nonnull %8) #70 %143 = load i8, i8* %56, align 8 %144 = and i8 %143, 8 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %57 %58 = load %struct.inode.733*, %struct.inode.733** %10, 
align 8 %59 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %58, i64 0, i32 8 %60 = load %struct.super_block.720*, %struct.super_block.720** %59, align 8 %61 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %60, i64 0, i32 30 %62 = bitcast i8** %61 to %struct.nfs_server.197100** %63 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %62, align 64 %64 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %63, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 %66 = getelementptr %struct.inode.733, %struct.inode.733* %58, i64 -1, i32 16, i32 1 store i64* %66, i64** %13, align 8 store %struct.file_lock.592* %1, %struct.file_lock.592** %14, align 8 store %struct.file_lock.592* %1, %struct.file_lock.592** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 15), %struct.rpc_procinfo** %20, align 8 store %struct.nfs_lockt_args* %5, %struct.nfs_lockt_args** %22, align 8 store %struct.nfs_lockt_res* %6, %struct.nfs_lockt_res** %24, align 8 %67 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %26, align 8 %68 = getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %67, i64 0, i32 4 %69 = bitcast %struct.rpc_cred** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %27, align 8 %71 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 18 %72 = load i64, i64* %71, align 8 store i64 %72, i64* %28, align 8 %73 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, %struct.file_lock.592*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.197134*, %struct.file_lock.592*)*)(%struct.nfs4_state.197134* %0, %struct.file_lock.592* %1) #69 Function:nfs4_set_lock_state %3 = 
getelementptr inbounds %struct.file_lock.592, %struct.file_lock.592* %1, i64 0, i32 16 %4 = load %struct.file_lock_operations.588*, %struct.file_lock_operations.588** %3, align 8 %5 = icmp eq %struct.file_lock_operations.588* %4, null br i1 %5, label %6, label %107 %7 = getelementptr inbounds %struct.file_lock.592, %struct.file_lock.592* %1, i64 0, i32 4 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.198705** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.198705* [ null, %6 ], [ %55, %86 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #69 %17 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %38, label %20 %21 = phi %struct.nfs4_lock_state.198705* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.198705* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select i1 %27, %struct.nfs4_lock_state.198705* %21, %struct.nfs4_lock_state.198705* %22 %29 = bitcast %struct.nfs4_lock_state.198705* %21 to %struct.nfs4_lock_state.198705** %30 = load %struct.nfs4_lock_state.198705*, %struct.nfs4_lock_state.198705** %29, align 8 %31 = getelementptr inbounds 
%struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.198705* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.198705* %34, null br i1 %35, label %38, label %36 %39 = icmp eq %struct.nfs4_lock_state.198705* %16, null br i1 %39, label %49, label %40 %41 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %16, i64 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %17, i64 0, i32 0, i32 1 store %struct.list_head* %41, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %44, align 8 %45 = ptrtoint %struct.nfs4_lock_state.198705* %16 to i64 %46 = bitcast %struct.list_head* %11 to i64* store volatile i64 %45, i64* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %48 = bitcast i64* %47 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i8 1, i8* %48) #6, !srcloc !5 br label %91 %92 = phi %struct.nfs4_lock_state.198705* [ %34, %36 ], [ %16, %40 ] %93 = phi %struct.nfs4_lock_state.198705* [ %16, %36 ], [ null, %40 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %94 = icmp eq %struct.nfs4_lock_state.198705* %93, null br i1 %94, label 
%104, label %95 %96 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %14, align 8 %97 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %96, i64 0, i32 0 %98 = load %struct.nfs_server.198646*, %struct.nfs_server.198646** %97, align 8 %99 = getelementptr inbounds %struct.nfs_server.198646, %struct.nfs_server.198646* %98, i64 0, i32 44 %100 = getelementptr inbounds %struct.nfs4_lock_state.198705, %struct.nfs4_lock_state.198705* %93, i64 0, i32 3, i32 1 %101 = load i32, i32* %100, align 8 tail call void @ida_free(%struct.ida* %99, i32 %101) #69 ------------- Good: 116 Bad: 10 Ignored: 121 Check Use of Function:perf_uprobe_init Check Use of Function:ext4_double_up_write_data_sem Check Use of Function:perform_atomic_semop Check Use of Function:security_task_getscheduler Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_compat_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_compat_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.48* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.50485* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.50485* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 
(%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.48* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.50485* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.50485* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.anon.48** %7 = load %struct.anon.48*, %struct.anon.48** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.48* %2 to i8* %10 = call 
fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.48* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.50485* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.50485* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %19 = tail call 
%struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.50485* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.50485* %21, null br i1 %22, label %26, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.50485* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.50485* 
%21, null br i1 %22, label %26, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = shl i32 %10, 3 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp uge i32 %13, %14 %16 = and i32 %10, 3 %17 = icmp eq i32 %16, 0 %18 = and i1 %17, %15 br i1 %18, label %19, label %77 %20 = trunc i64 %4 to i32 %21 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %22 = call i64 @sched_getaffinity(i32 %20, %struct.cpumask* nonnull %21) #69 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct.50485* bitcast (%struct.task_struct.46154* (i32)* @find_task_by_vpid to %struct.task_struct.50485* (i32)*)(i32 %0) #69 br label %8 %9 = phi %struct.task_struct.50485* [ %5, %4 ], [ %7, %6 ] %10 = icmp eq %struct.task_struct.50485* %9, null br i1 %10, label %22, label %11 %12 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getparam 
------------- Path:  Function:__ia32_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kuid_t* %2 to i8* %10 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = icmp eq i64 %7, 0 %12 = icmp slt i32 %8, 0 %13 = or i1 %12, %11 br i1 %13, label %42, label %14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %8, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.50485* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.50485* %21, null br i1 %22, label %39, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task 
to %struct.task_struct.50485**)) #10, !srcloc !5 br label %12 %13 = phi %struct.task_struct.50485* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.50485* %13, null br i1 %14, label %27, label %15 %16 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.sched_attr* %5 to i8* %8 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %5, i64 0, i32 0 store i32 48, i32* %8, align 8 %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %2 to i32 %14 = trunc i64 %3 to i32 %15 = add i32 %13, -48 %16 = icmp ugt i32 %15, 4048 %17 = icmp ne i32 %14, 0 %18 = or i1 %16, %17 br i1 %18, label %76, label %19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = icmp eq i32 %6, 0 br i1 %20, label %23, label %21 %24 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %25 %26 = phi %struct.task_struct.50485* [ %22, %21 ], [ %24, %23 ] %27 = icmp eq %struct.task_struct.50485* %26, null br i1 %27, label %73, label %28 %29 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.sched_attr* %5 to i8* %8 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %5, i64 0, i32 0 store i32 48, i32* %8, align 8 %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %2 to i32 %14 = trunc i64 %3 to i32 %15 = add i32 %13, -48 %16 = icmp ugt i32 %15, 4048 %17 = icmp ne i32 %14, 0 %18 = or i1 %16, %17 br i1 %18, label %76, label %19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = icmp eq i32 %6, 0 br i1 %20, label %23, label %21 %24 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %25 %26 = phi %struct.task_struct.50485* [ %22, %21 ], [ %24, %23 ] %27 = icmp eq %struct.task_struct.50485* %26, null br i1 %27, label %73, label %28 %29 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kuid_t* %2 to i8* %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = icmp eq i64 %6, 0 %11 = icmp slt i32 %7, 0 %12 = or i1 %11, %10 br i1 %12, label %41, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = icmp eq i32 %7, 0 br i1 %14, label %17, label %15 %18 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %19 %20 = phi %struct.task_struct.50485* [ %16, %15 ], [ %18, %17 ] %21 = icmp eq %struct.task_struct.50485* %20, null br i1 %21, label %38, label %22 %23 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %20) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  
Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !5 br label %12 %13 = phi %struct.task_struct.50485* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.50485* %13, null br i1 %14, label %27, label %15 %16 = tail call i32 bitcast (i32 (%struct.task_struct.229311*)* @security_task_getscheduler to i32 (%struct.task_struct.50485*)*)(%struct.task_struct.50485* nonnull %13) #69 ------------- Good: 1 Bad: 12 Ignored: 0 Check Use of Function:blkdev_issue_discard Check Use of Function:nf_setsockopt Check Use of Function:ext4_get_inode_loc Use: =BAD PATH= Call Stack: 0 ext4_xattr_ibody_get 1 ext4_xattr_get 2 ext4_xattr_security_get ------------- Path:  Function:ext4_xattr_security_get %7 = tail call i32 bitcast (i32 (%struct.inode.166778*, i32, i8*, i8*, i64)* @ext4_xattr_get to i32 (%struct.inode*, i32, i8*, i8*, i64)*)(%struct.inode* %2, i32 6, i8* %3, i8* %4, i64 %5) #69 Function:ext4_xattr_get %6 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %7 = load %struct.super_block.166754*, %struct.super_block.166754** %6, align 8 %8 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %7, i64 0, i32 30 %9 = bitcast i8** %8 to %struct.ext4_sb_info.168034** %10 = load %struct.ext4_sb_info.168034*, %struct.ext4_sb_info.168034** %9, align 64 %11 = getelementptr inbounds %struct.ext4_sb_info.168034, %struct.ext4_sb_info.168034* %10, i64 0, i32 48 %12 = load 
volatile i64, i64* %11, align 8 %13 = and i64 %12, 2 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %138, !prof !4, !misexpect !5 %16 = tail call i64 @strlen(i8* %2) #69 %17 = icmp ugt i64 %16, 255 br i1 %17, label %138, label %18 %19 = getelementptr %struct.inode.166778, %struct.inode.166778* %0, i64 -1, i32 38 %20 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %19, i64 11 %21 = bitcast %struct.file_operations.166774** %20 to %struct.rw_semaphore.166714* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.166714*)*)(%struct.rw_semaphore.166714* %21) #70 %22 = tail call i32 @ext4_xattr_ibody_get(%struct.inode.166778* %0, i32 %1, i8* %2, i8* %3, i64 %4) #69 Function:ext4_xattr_ibody_get %6 = alloca %struct.ext4_iloc.167988, align 8 %7 = bitcast %struct.ext4_iloc.167988* %6 to i8* %8 = getelementptr %struct.inode.166778, %struct.inode.166778* %0, i64 -1, i32 38 %9 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %8, i64 10 %10 = bitcast %struct.file_operations.166774** %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 17179869184 %13 = icmp eq i64 %12, 0 br i1 %13, label %191, label %14 %15 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.ext4_iloc.162269*)* @ext4_get_inode_loc to i32 (%struct.inode.166778*, %struct.ext4_iloc.167988*)*)(%struct.inode.166778* %0, %struct.ext4_iloc.167988* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_listxattr ------------- Path:  Function:ext4_listxattr %4 = alloca %struct.ext4_iloc.167988, align 8 %5 = getelementptr inbounds %struct.dentry.166782, %struct.dentry.166782* %0, i64 0, i32 5 %6 = load %struct.inode.166778*, %struct.inode.166778** %5, align 8 %7 = getelementptr %struct.inode.166778, %struct.inode.166778* %6, i64 -1, i32 38 %8 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %7, i64 11 %9 = 
bitcast %struct.file_operations.166774** %8 to %struct.rw_semaphore.166714* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.166714*)*)(%struct.rw_semaphore.166714* %9) #69 %10 = load %struct.inode.166778*, %struct.inode.166778** %5, align 8 %11 = bitcast %struct.ext4_iloc.167988* %4 to i8* %12 = getelementptr %struct.inode.166778, %struct.inode.166778* %10, i64 -1, i32 38 %13 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %12, i64 10 %14 = bitcast %struct.file_operations.166774** %13 to i64* %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 17179869184 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %19 %20 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.ext4_iloc.162269*)* @ext4_get_inode_loc to i32 (%struct.inode.166778*, %struct.ext4_iloc.167988*)*)(%struct.inode.166778* %10, %struct.ext4_iloc.167988* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_listxattr ------------- Path:  Function:ext4_listxattr %4 = alloca %struct.ext4_iloc.167988, align 8 %5 = getelementptr inbounds %struct.dentry.166782, %struct.dentry.166782* %0, i64 0, i32 5 %6 = load %struct.inode.166778*, %struct.inode.166778** %5, align 8 %7 = getelementptr %struct.inode.166778, %struct.inode.166778* %6, i64 -1, i32 38 %8 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %7, i64 11 %9 = bitcast %struct.file_operations.166774** %8 to %struct.rw_semaphore.166714* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.166714*)*)(%struct.rw_semaphore.166714* %9) #69 %10 = load %struct.inode.166778*, %struct.inode.166778** %5, align 8 %11 = bitcast %struct.ext4_iloc.167988* %4 to i8* %12 = getelementptr %struct.inode.166778, %struct.inode.166778* %10, i64 -1, i32 38 %13 = getelementptr inbounds %struct.file_operations.166774*, %struct.file_operations.166774** %12, i64 10 %14 = 
bitcast %struct.file_operations.166774** %13 to i64* %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 17179869184 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %19 %20 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.ext4_iloc.162269*)* @ext4_get_inode_loc to i32 (%struct.inode.166778*, %struct.ext4_iloc.167988*)*)(%struct.inode.166778* %10, %struct.ext4_iloc.167988* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 htree_inlinedir_to_tree 1 ext4_htree_fill_tree 2 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 2 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 8 %8 = load %struct.super_block.100615*, %struct.super_block.100615** %7, align 8 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %6, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 2048 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %827 %16 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 30 %17 = bitcast i8** %16 to %struct.ext4_sb_info.158692** %18 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %17, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %18, i64 0, i32 15 %20 = load %struct.ext4_super_block*, %struct.ext4_super_block** %19, align 8 %21 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %20, i64 0, i32 28 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 32 %24 = icmp eq i32 %23, 0 br i1 %24, label %530, label %25 %26 = load volatile i64, 
i64* %11, align 8 %27 = and i64 %26, 4096 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %46 %30 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 14 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 2 %33 = load i8, i8* %32, align 4 %34 = zext i8 %33 to i64 %35 = ashr i64 %31, %34 %36 = icmp eq i64 %35, 1 br i1 %36, label %46, label %37 %38 = load volatile i64, i64* %11, align 8 %39 = and i64 %38, 268435456 %40 = icmp eq i64 %39, 0 br i1 %40, label %530, label %41 %42 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %43 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %42, i64 0, i32 28 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, 0 br i1 %45, label %530, label %46 %47 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 16 %48 = bitcast i8** %47 to %struct.dir_private_info** %49 = load %struct.dir_private_info*, %struct.dir_private_info** %48, align 8 %50 = icmp eq %struct.dir_private_info* %49, null br i1 %50, label %54, label %51 %55 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %56 = load i64, i64* %55, align 8 %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 6), align 16 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 6324416, i64 48) #69 %59 = icmp eq i8* %58, null br i1 %59, label %827, label %60 %61 = bitcast i8* %58 to %struct.dir_private_info* %62 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 8 %63 = load i32, i32* %62, align 4 %64 = and i32 %63, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %86 %67 = and i32 %63, 1024 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %91 %70 = tail call 
%struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %71 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %70, i64 0, i32 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 2 %74 = icmp eq i32 %73, 0 %75 = trunc i64 %56 to i32 %76 = shl i32 %75, 1 %77 = lshr i64 %56, 31 %78 = trunc i64 %77 to i32 %79 = and i32 %78, -2 %80 = select i1 %74, i32 %79, i32 %76 %81 = getelementptr inbounds i8, i8* %58, i64 32 %82 = bitcast i8* %81 to i32* store i32 %80, i32* %82, align 8 %83 = load i32, i32* %71, align 8 %84 = and i32 %83, 2 %85 = icmp eq i32 %84, 0 br i1 %85, label %97, label %99 %98 = trunc i64 %56 to i32 br label %99 %100 = phi i32 [ %98, %97 ], [ 0, %69 ], [ 0, %86 ] %101 = getelementptr inbounds i8, i8* %58, i64 36 %102 = bitcast i8* %101 to i32* store i32 %100, i32* %102, align 4 store i8* %58, i8** %47, align 8 br label %103 %104 = phi %struct.dir_private_info* [ %49, %51 ], [ %61, %99 ] %105 = phi i32 [ %53, %51 ], [ %63, %99 ] %106 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 8 %109 = and i32 %105, 512 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 %112 = and i32 %105, 1024 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %120 %115 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %116 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %115, i64 0, i32 0, i32 1 %117 = load i32, i32* %116, align 8 %118 = and i32 %117, 2 %119 = icmp eq i32 %118, 0 br i1 
%119, label %120, label %121 br label %121 %122 = phi i64 [ 9223372036854775807, %120 ], [ 2147483647, %114 ], [ 2147483647, %103 ] %123 = icmp eq i64 %107, %122 br i1 %123, label %827, label %124 %125 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 3 %126 = load i64, i64* %125, align 8 %127 = icmp eq i64 %126, %107 br i1 %127, label %197, label %128 %198 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 2 %199 = load %struct.fname*, %struct.fname** %198, align 8 %200 = icmp eq %struct.fname* %199, null br i1 %200, label %271, label %201 %202 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %203 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %202, i64 0, i32 8 %204 = load %struct.super_block.100615*, %struct.super_block.100615** %203, align 8 %205 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 0 %206 = load i32, i32* %205, align 8 %207 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 1 %208 = load i32, i32* %207, align 4 br i1 %110, label %209, label %218 %210 = and i32 %105, 1024 %211 = icmp eq i32 %210, 0 br i1 %211, label %212, label %221 %213 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %214 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %213, i64 0, i32 0, i32 1 %215 = load i32, i32* %214, align 8 %216 = and i32 %215, 2 %217 = icmp eq i32 %216, 0 br i1 %217, label %221, label %218 %222 = lshr i32 %206, 1 %223 = zext i32 %222 to i64 %224 = shl nuw nsw i64 %223, 32 %225 = zext i32 %208 to i64 %226 = or i64 %224, %225 br label %227 %228 = phi i64 [ %220, %218 ], [ %226, %221 ] store i64 %228, i64* %106, align 8 %229 = getelementptr inbounds 
%struct.super_block.100615, %struct.super_block.100615* %204, i64 0, i32 30 %230 = bitcast i8** %229 to %struct.ext4_sb_info.158692** %231 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %232 %233 = phi %struct.fname* [ %199, %227 ], [ %265, %263 ] %234 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 7, i64 0 %235 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 5 %236 = load i8, i8* %235, align 4 %237 = zext i8 %236 to i32 %238 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 4 %239 = load i32, i32* %238, align 8 %240 = zext i32 %239 to i64 %241 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 6 %242 = load i8, i8* %241, align 1 %243 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %230, align 64 %244 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %243, i64 0, i32 15 %245 = load %struct.ext4_super_block*, %struct.ext4_super_block** %244, align 8 %246 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %245, i64 0, i32 29 %247 = load i32, i32* %246, align 8 %248 = and i32 %247, 2 %249 = icmp eq i32 %248, 0 %250 = icmp ugt i8 %242, 7 %251 = or i1 %250, %249 br i1 %251, label %256, label %252 %253 = zext i8 %242 to i64 %254 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %253 %255 = load i8, i8* %254, align 1 br label %256 %257 = phi i8 [ %255, %252 ], [ 0, %232 ] %258 = zext i8 %257 to i32 %259 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %231, align 8 %260 = load i64, i64* %106, align 8 %261 = tail call i32 %259(%struct.dir_context* %1, i8* %234, i32 %237, i64 %260, i64 %240, i32 %258) #69 %262 = icmp eq i32 %261, 0 br i1 %262, label %263, label %267 %264 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 3 %265 = load %struct.fname*, 
%struct.fname** %264, align 8 %266 = icmp eq %struct.fname* %265, null br i1 %266, label %270, label %232 store %struct.fname* null, %struct.fname** %198, align 8 br label %455 %456 = phi i32 [ 0, %270 ], [ %368, %383 ], [ %368, %448 ] %457 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %458 = load %struct.rb_node*, %struct.rb_node** %457, align 8 %459 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %458) #69 store %struct.rb_node* %459, %struct.rb_node** %457, align 8 %460 = icmp eq %struct.rb_node* %459, null %461 = bitcast %struct.rb_node* %459 to i8* br i1 %460, label %471, label %462 %472 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %473 = load i32, i32* %472, align 8 %474 = icmp eq i32 %473, -1 br i1 %474, label %475, label %491 %492 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 store i32 %473, i32* %492, align 8 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 store i32 0, i32* %493, align 4 br label %281 %282 = phi i8* [ %461, %462 ], [ %461, %491 ], [ %275, %271 ], [ %280, %276 ] %283 = phi %struct.rb_node* [ %459, %462 ], [ null, %491 ], [ %273, %271 ], [ %279, %276 ] %284 = phi i32 [ %456, %462 ], [ %456, %491 ], [ 0, %271 ], [ 0, %276 ] %285 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %286 = icmp eq %struct.rb_node* %283, null br i1 %286, label %294, label %287 %288 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 %289 = load i64, i64* %288, align 8 %290 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %291 = load volatile i64, i64* %290, align 8 %292 = lshr i64 %291, 1 %293 = icmp eq i64 %292, %289 br i1 %293, label %366, label %294 store %struct.rb_node* null, %struct.rb_node** %285, align 8 %295 = getelementptr 
inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0 %296 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %295) #69 %297 = icmp eq %struct.rb_node* %296, null %298 = getelementptr %struct.rb_node, %struct.rb_node* %296, i64 -1, i32 2 %299 = icmp eq %struct.rb_node** %298, null %300 = or i1 %297, %299 br i1 %300, label %320, label %301 %302 = bitcast %struct.rb_node** %298 to %struct.fname* br label %305 %306 = phi %struct.fname* [ %312, %303 ], [ %302, %301 ] %307 = getelementptr inbounds %struct.fname, %struct.fname* %306, i64 0, i32 2 %308 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %307) #69 %309 = icmp eq %struct.rb_node* %308, null %310 = getelementptr %struct.rb_node, %struct.rb_node* %308, i64 -1, i32 2 %311 = bitcast %struct.rb_node** %310 to %struct.fname* %312 = select i1 %309, %struct.fname* null, %struct.fname* %311 %313 = icmp eq %struct.fname* %306, null br i1 %313, label %303, label %314 %315 = phi %struct.fname* [ %317, %314 ], [ %306, %305 ] %316 = getelementptr inbounds %struct.fname, %struct.fname* %315, i64 0, i32 3 %317 = load %struct.fname*, %struct.fname** %316, align 8 %318 = bitcast %struct.fname* %315 to i8* tail call void @kfree(i8* nonnull %318) #69 %319 = icmp eq %struct.fname* %317, null br i1 %319, label %303, label %314 %304 = icmp eq %struct.fname* %312, null br i1 %304, label %320, label %305 %321 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %321, align 8 %322 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %323 = load volatile i64, i64* %322, align 8 br label %324 %325 = phi i64 [ %323, %320 ], [ %331, %329 ] %326 = and i64 %325, 1 %327 = icmp eq i64 %326, 0 br i1 %327, label %329, label %328 %330 = or i64 %325, 1 %331 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %322, i64 %330, i64 %325, i64* %322) #6, !srcloc !6 %332 = icmp eq i64 %331, %325 br i1 %332, label %333, label %324, !prof !7, !misexpect !8 %334 = lshr i64 %325, 1 %335 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 store i64 %334, i64* %335, align 8 %336 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 %337 = load i32, i32* %336, align 8 %338 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 %339 = load i32, i32* %338, align 4 %340 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %341 = tail call i32 @ext4_htree_fill_tree(%struct.file.100641* %0, i32 %337, i32 %339, i32* %340) #69 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 2 %13 = load %struct.inode.100633*, %struct.inode.100633** %12, align 8 %14 = getelementptr %struct.inode.100633, %struct.inode.100633* %13, i64 -1, i32 38 %15 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %14, i64 10 %16 = bitcast %struct.file_operations.100630** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 4096 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %54 %21 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %13, i64 0, i32 8 %22 = load %struct.super_block.100615*, %struct.super_block.100615** %21, align 8 %23 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %22, i64 0, 
i32 30 %24 = bitcast i8** %23 to %struct.ext4_sb_info.165163** %25 = load %struct.ext4_sb_info.165163*, %struct.ext4_sb_info.165163** %24, align 64 %26 = getelementptr inbounds %struct.ext4_sb_info.165163, %struct.ext4_sb_info.165163* %25, i64 0, i32 34 %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 2 store i32 %27, i32* %28, align 8 %29 = icmp slt i32 %27, 3 br i1 %29, label %30, label %34 %31 = getelementptr inbounds %struct.ext4_sb_info.165163, %struct.ext4_sb_info.165163* %25, i64 0, i32 35 %32 = load i32, i32* %31, align 16 %33 = add i32 %32, %27 store i32 %33, i32* %28, align 8 br label %34 %35 = getelementptr inbounds %struct.ext4_sb_info.165163, %struct.ext4_sb_info.165163* %25, i64 0, i32 33, i64 0 %36 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 3 store i32* %35, i32** %36, align 8 %37 = load volatile i64, i64* %16, align 8 %38 = and i64 %37, 268435456 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = bitcast %struct.file_operations.100630** %14 to %struct.ext4_inode_info* %42 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %41, i64 0, i32 28 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 0 br i1 %44, label %52, label %45 %46 = bitcast i32* %8 to i8* store i32 1, i32* %8, align 4 %47 = call i32 bitcast (i32 (%struct.file.162035*, %struct.inode.162177*, i32, %struct.dx_hash_info*, i32, i32, i32*)* @htree_inlinedir_to_tree to i32 (%struct.file.100641*, %struct.inode.100633*, i32, %struct.dx_hash_info*, i32, i32, i32*)*)(%struct.file.100641* %0, %struct.inode.100633* %13, i32 0, %struct.dx_hash_info* nonnull %5, i32 %1, i32 %2, i32* nonnull %8) #69 Function:htree_inlinedir_to_tree %8 = alloca %struct.ext4_iloc.162269, align 8 %9 = alloca %struct.ext4_dir_entry_2, align 4 %10 = getelementptr inbounds %struct.ext4_dir_entry_2, %struct.ext4_dir_entry_2* %9, i64 0, i32 2 %11 = getelementptr inbounds 
%struct.ext4_dir_entry_2, %struct.ext4_dir_entry_2* %9, i64 0, i32 4 %12 = alloca %struct.uuidcmp, align 8 %13 = getelementptr inbounds %struct.file.162035, %struct.file.162035* %0, i64 0, i32 2 %14 = load %struct.inode.162177*, %struct.inode.162177** %13, align 8 %15 = bitcast %struct.ext4_iloc.162269* %8 to i8* %16 = bitcast %struct.ext4_dir_entry_2* %9 to i8* %17 = bitcast %struct.uuidcmp* %12 to i8* %18 = call i32 @ext4_get_inode_loc(%struct.inode.162177* %14, %struct.ext4_iloc.162269* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_read_inline_dir 1 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 2 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 8 %8 = load %struct.super_block.100615*, %struct.super_block.100615** %7, align 8 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %6, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 2048 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %827 %16 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 30 %17 = bitcast i8** %16 to %struct.ext4_sb_info.158692** %18 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %17, align 64 %19 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %18, i64 0, i32 15 %20 = load %struct.ext4_super_block*, %struct.ext4_super_block** %19, align 8 %21 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %20, i64 0, i32 28 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 32 %24 = icmp 
eq i32 %23, 0 br i1 %24, label %530, label %25 %26 = load volatile i64, i64* %11, align 8 %27 = and i64 %26, 4096 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %46 %30 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 14 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %8, i64 0, i32 2 %33 = load i8, i8* %32, align 4 %34 = zext i8 %33 to i64 %35 = ashr i64 %31, %34 %36 = icmp eq i64 %35, 1 br i1 %36, label %46, label %37 %38 = load volatile i64, i64* %11, align 8 %39 = and i64 %38, 268435456 %40 = icmp eq i64 %39, 0 br i1 %40, label %530, label %41 %42 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %43 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %42, i64 0, i32 28 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, 0 br i1 %45, label %530, label %46 %47 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 16 %48 = bitcast i8** %47 to %struct.dir_private_info** %49 = load %struct.dir_private_info*, %struct.dir_private_info** %48, align 8 %50 = icmp eq %struct.dir_private_info* %49, null br i1 %50, label %54, label %51 %55 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %56 = load i64, i64* %55, align 8 %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 6), align 16 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 6324416, i64 48) #69 %59 = icmp eq i8* %58, null br i1 %59, label %827, label %60 %61 = bitcast i8* %58 to %struct.dir_private_info* %62 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 8 %63 = load i32, i32* %62, align 4 %64 = and i32 %63, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %86 %67 = and i32 %63, 1024 %68 = icmp eq i32 
%67, 0 br i1 %68, label %69, label %91 %70 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %71 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %70, i64 0, i32 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 2 %74 = icmp eq i32 %73, 0 %75 = trunc i64 %56 to i32 %76 = shl i32 %75, 1 %77 = lshr i64 %56, 31 %78 = trunc i64 %77 to i32 %79 = and i32 %78, -2 %80 = select i1 %74, i32 %79, i32 %76 %81 = getelementptr inbounds i8, i8* %58, i64 32 %82 = bitcast i8* %81 to i32* store i32 %80, i32* %82, align 8 %83 = load i32, i32* %71, align 8 %84 = and i32 %83, 2 %85 = icmp eq i32 %84, 0 br i1 %85, label %97, label %99 %98 = trunc i64 %56 to i32 br label %99 %100 = phi i32 [ %98, %97 ], [ 0, %69 ], [ 0, %86 ] %101 = getelementptr inbounds i8, i8* %58, i64 36 %102 = bitcast i8* %101 to i32* store i32 %100, i32* %102, align 4 store i8* %58, i8** %47, align 8 br label %103 %104 = phi %struct.dir_private_info* [ %49, %51 ], [ %61, %99 ] %105 = phi i32 [ %53, %51 ], [ %63, %99 ] %106 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 8 %109 = and i32 %105, 512 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 %112 = and i32 %105, 1024 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %120 %115 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %116 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %115, i64 0, i32 0, i32 1 %117 = load i32, i32* %116, align 8 
%118 = and i32 %117, 2 %119 = icmp eq i32 %118, 0 br i1 %119, label %120, label %121 br label %121 %122 = phi i64 [ 9223372036854775807, %120 ], [ 2147483647, %114 ], [ 2147483647, %103 ] %123 = icmp eq i64 %107, %122 br i1 %123, label %827, label %124 %125 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 3 %126 = load i64, i64* %125, align 8 %127 = icmp eq i64 %126, %107 br i1 %127, label %197, label %128 %198 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 2 %199 = load %struct.fname*, %struct.fname** %198, align 8 %200 = icmp eq %struct.fname* %199, null br i1 %200, label %271, label %201 %202 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %203 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %202, i64 0, i32 8 %204 = load %struct.super_block.100615*, %struct.super_block.100615** %203, align 8 %205 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 0 %206 = load i32, i32* %205, align 8 %207 = getelementptr inbounds %struct.fname, %struct.fname* %199, i64 0, i32 1 %208 = load i32, i32* %207, align 4 br i1 %110, label %209, label %218 %210 = and i32 %105, 1024 %211 = icmp eq i32 %210, 0 br i1 %211, label %212, label %221 %213 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %214 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %213, i64 0, i32 0, i32 1 %215 = load i32, i32* %214, align 8 %216 = and i32 %215, 2 %217 = icmp eq i32 %216, 0 br i1 %217, label %221, label %218 %222 = lshr i32 %206, 1 %223 = zext i32 %222 to i64 %224 = shl nuw nsw i64 %223, 32 %225 = zext i32 %208 to i64 %226 = or i64 %224, %225 br label %227 %228 = phi i64 [ %220, %218 ], [ %226, %221 ] store i64 %228, i64* %106, align 8 
%229 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %204, i64 0, i32 30 %230 = bitcast i8** %229 to %struct.ext4_sb_info.158692** %231 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %232 %233 = phi %struct.fname* [ %199, %227 ], [ %265, %263 ] %234 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 7, i64 0 %235 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 5 %236 = load i8, i8* %235, align 4 %237 = zext i8 %236 to i32 %238 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 4 %239 = load i32, i32* %238, align 8 %240 = zext i32 %239 to i64 %241 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 6 %242 = load i8, i8* %241, align 1 %243 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %230, align 64 %244 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %243, i64 0, i32 15 %245 = load %struct.ext4_super_block*, %struct.ext4_super_block** %244, align 8 %246 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %245, i64 0, i32 29 %247 = load i32, i32* %246, align 8 %248 = and i32 %247, 2 %249 = icmp eq i32 %248, 0 %250 = icmp ugt i8 %242, 7 %251 = or i1 %250, %249 br i1 %251, label %256, label %252 %253 = zext i8 %242 to i64 %254 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %253 %255 = load i8, i8* %254, align 1 br label %256 %257 = phi i8 [ %255, %252 ], [ 0, %232 ] %258 = zext i8 %257 to i32 %259 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %231, align 8 %260 = load i64, i64* %106, align 8 %261 = tail call i32 %259(%struct.dir_context* %1, i8* %234, i32 %237, i64 %260, i64 %240, i32 %258) #69 %262 = icmp eq i32 %261, 0 br i1 %262, label %263, label %267 %264 = getelementptr inbounds %struct.fname, %struct.fname* %233, i64 0, i32 3 %265 
= load %struct.fname*, %struct.fname** %264, align 8 %266 = icmp eq %struct.fname* %265, null br i1 %266, label %270, label %232 store %struct.fname* null, %struct.fname** %198, align 8 br label %455 %456 = phi i32 [ 0, %270 ], [ %368, %383 ], [ %368, %448 ] %457 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %458 = load %struct.rb_node*, %struct.rb_node** %457, align 8 %459 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %458) #69 store %struct.rb_node* %459, %struct.rb_node** %457, align 8 %460 = icmp eq %struct.rb_node* %459, null %461 = bitcast %struct.rb_node* %459 to i8* br i1 %460, label %471, label %462 %472 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %473 = load i32, i32* %472, align 8 %474 = icmp eq i32 %473, -1 br i1 %474, label %475, label %491 %492 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 store i32 %473, i32* %492, align 8 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 store i32 0, i32* %493, align 4 br label %281 %282 = phi i8* [ %461, %462 ], [ %461, %491 ], [ %275, %271 ], [ %280, %276 ] %283 = phi %struct.rb_node* [ %459, %462 ], [ null, %491 ], [ %273, %271 ], [ %279, %276 ] %284 = phi i32 [ %456, %462 ], [ %456, %491 ], [ 0, %271 ], [ 0, %276 ] %285 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 1 %286 = icmp eq %struct.rb_node* %283, null br i1 %286, label %294, label %287 %288 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 %289 = load i64, i64* %288, align 8 %290 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %291 = load volatile i64, i64* %290, align 8 %292 = lshr i64 %291, 1 %293 = icmp eq i64 %292, %289 br i1 %293, label %366, label %294 store %struct.rb_node* null, %struct.rb_node** %285, align 8 
%295 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0 %296 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %295) #69 %297 = icmp eq %struct.rb_node* %296, null %298 = getelementptr %struct.rb_node, %struct.rb_node* %296, i64 -1, i32 2 %299 = icmp eq %struct.rb_node** %298, null %300 = or i1 %297, %299 br i1 %300, label %320, label %301 %302 = bitcast %struct.rb_node** %298 to %struct.fname* br label %305 %306 = phi %struct.fname* [ %312, %303 ], [ %302, %301 ] %307 = getelementptr inbounds %struct.fname, %struct.fname* %306, i64 0, i32 2 %308 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %307) #69 %309 = icmp eq %struct.rb_node* %308, null %310 = getelementptr %struct.rb_node, %struct.rb_node* %308, i64 -1, i32 2 %311 = bitcast %struct.rb_node** %310 to %struct.fname* %312 = select i1 %309, %struct.fname* null, %struct.fname* %311 %313 = icmp eq %struct.fname* %306, null br i1 %313, label %303, label %314 %315 = phi %struct.fname* [ %317, %314 ], [ %306, %305 ] %316 = getelementptr inbounds %struct.fname, %struct.fname* %315, i64 0, i32 3 %317 = load %struct.fname*, %struct.fname** %316, align 8 %318 = bitcast %struct.fname* %315 to i8* tail call void @kfree(i8* nonnull %318) #69 %319 = icmp eq %struct.fname* %317, null br i1 %319, label %303, label %314 %304 = icmp eq %struct.fname* %312, null br i1 %304, label %320, label %305 %321 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %321, align 8 %322 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %6, i64 0, i32 33, i32 0 %323 = load volatile i64, i64* %322, align 8 br label %324 %325 = phi i64 [ %323, %320 ], [ %331, %329 ] %326 = and i64 %325, 1 %327 = icmp eq i64 %326, 0 br i1 %327, label %329, label %328 %330 = or i64 %325, 1 %331 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %322, i64 %330, i64 %325, i64* %322) #6, !srcloc !6 %332 = icmp eq i64 %331, %325 br i1 %332, label %333, label %324, !prof !7, !misexpect !8 %334 = lshr i64 %325, 1 %335 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 14 store i64 %334, i64* %335, align 8 %336 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 4 %337 = load i32, i32* %336, align 8 %338 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 5 %339 = load i32, i32* %338, align 4 %340 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %104, i64 0, i32 6 %341 = tail call i32 @ext4_htree_fill_tree(%struct.file.100641* %0, i32 %337, i32 %339, i32* %340) #69 %342 = icmp slt i32 %341, 0 br i1 %342, label %343, label %345 %344 = load i64, i64* %106, align 8 store i64 %344, i64* %125, align 8 br label %500 %501 = phi i32 [ %341, %343 ], [ %498, %496 ] %502 = icmp eq i32 %501, -4094 br i1 %502, label %503, label %827 %504 = load %struct.ext4_sb_info.158692*, %struct.ext4_sb_info.158692** %17, align 64 %505 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %504, i64 0, i32 15 %506 = load %struct.ext4_super_block*, %struct.ext4_super_block** %505, align 8 %507 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %506, i64 0, i32 30 %508 = load i32, i32* %507, align 4 %509 = and i32 %508, 1024 %510 = icmp eq i32 %509, 0 br i1 %510, label %527, label %511 %512 = getelementptr inbounds %struct.ext4_sb_info.158692, %struct.ext4_sb_info.158692* %504, i64 0, i32 102 %513 = load %struct.crypto_shash.158674*, %struct.crypto_shash.158674** %512, align 8 %514 = icmp eq %struct.crypto_shash.158674* %513, null br i1 %514, label %515, label %530, !prof !9, !misexpect !10 %531 = load volatile i64, 
i64* %11, align 8 %532 = and i64 %531, 268435456 %533 = icmp eq i64 %532, 0 br i1 %533, label %544, label %534 %535 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %536 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %535, i64 0, i32 28 %537 = load i16, i16* %536, align 2 %538 = icmp eq i16 %537, 0 br i1 %538, label %544, label %539 %540 = bitcast i32* %3 to i8* store i32 1, i32* %3, align 4 %541 = call i32 bitcast (i32 (%struct.file.162035*, %struct.dir_context*, i32*)* @ext4_read_inline_dir to i32 (%struct.file.100641*, %struct.dir_context*, i32*)*)(%struct.file.100641* %0, %struct.dir_context* %1, i32* nonnull %3) #69 Function:ext4_read_inline_dir %4 = alloca %struct.ext4_iloc.162269, align 8 %5 = getelementptr inbounds %struct.file.162035, %struct.file.162035* %0, i64 0, i32 2 %6 = load %struct.inode.162177*, %struct.inode.162177** %5, align 8 %7 = bitcast %struct.ext4_iloc.162269* %4 to i8* %8 = call i32 @ext4_get_inode_loc(%struct.inode.162177* %6, %struct.ext4_iloc.162269* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_find_inline_entry 1 __ext4_find_entry 2 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry.100637, %struct.dentry.100637* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %82, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry.100637, %struct.dentry.100637* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds 
%struct.dentry.100637, %struct.dentry.100637* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 %22 = call fastcc %struct.buffer_head.158656* @__ext4_find_entry(%struct.inode.100633* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #69 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head.158656*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head.158656*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %0, i64 0, i32 8 %14 = load %struct.super_block.100615*, %struct.super_block.100615** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.util_est** %16 = load %struct.util_est*, %struct.util_est** %15, align 8 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %450, label %20 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %22 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %21, i64 10 %23 = bitcast %struct.file_operations.100630** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = and i64 %24, 268435456 %26 = icmp eq i64 %25, 0 br i1 %26, label %42, 
label %27 %28 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_inode_info* %29 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %28, i64 0, i32 28 %30 = load i16, i16* %29, align 2 %31 = icmp eq i16 %30, 0 br i1 %31, label %42, label %32 %33 = bitcast i32* %7 to i8* store i32 1, i32* %7, align 4 %34 = call %struct.buffer_head.158656* bitcast (%struct.buffer_head.162268* (%struct.inode.162177*, %struct.ext4_filename*, %struct.ext4_dir_entry_2**, i32*)* @ext4_find_inline_entry to %struct.buffer_head.158656* (%struct.inode.100633*, %struct.ext4_filename*, %struct.ext4_dir_entry_2**, i32*)*)(%struct.inode.100633* %0, %struct.ext4_filename* %1, %struct.ext4_dir_entry_2** %2, i32* nonnull %7) #69 Function:ext4_find_inline_entry %5 = alloca %struct.ext4_iloc.162269, align 8 %6 = bitcast %struct.ext4_iloc.162269* %5 to i8* %7 = call i32 @ext4_get_inode_loc(%struct.inode.162177* %0, %struct.ext4_iloc.162269* nonnull %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_inline_data_fiemap 1 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %16 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %17 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %16, i64 0, i32 28 %18 = load i16, i16* %17, align 2 %19 = icmp eq i16 %18, 0 br i1 %19, label %25, label %20 %21 = bitcast i32* %8 to i8* store i32 1, i32* %8, align 4 %22 = call i32 bitcast (i32 (%struct.inode.162177*, 
%struct.fiemap_extent_info*, i32*, i64, i64)* @ext4_inline_data_fiemap to i32 (%struct.inode.100633*, %struct.fiemap_extent_info*, i32*, i64, i64)*)(%struct.inode.100633* %0, %struct.fiemap_extent_info* %1, i32* nonnull %8, i64 %2, i64 %3) #69 Function:ext4_inline_data_fiemap %6 = alloca %struct.ext4_iloc.162269, align 8 %7 = bitcast %struct.ext4_iloc.162269* %6 to i8* %8 = getelementptr %struct.inode.162177, %struct.inode.162177* %0, i64 -1, i32 38 %9 = getelementptr inbounds %struct.file_operations.162013*, %struct.file_operations.162013** %8, i64 11 %10 = bitcast %struct.file_operations.162013** %9 to %struct.rw_semaphore.161980* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.161980*)*)(%struct.rw_semaphore.161980* %10) #69 %11 = getelementptr inbounds %struct.file_operations.162013*, %struct.file_operations.162013** %8, i64 10 %12 = bitcast %struct.file_operations.162013** %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 268435456 %15 = icmp eq i64 %14, 0 br i1 %15, label %21, label %16 %17 = bitcast %struct.file_operations.162013** %8 to %struct.ext4_inode_info.162301* %18 = getelementptr inbounds %struct.ext4_inode_info.162301, %struct.ext4_inode_info.162301* %17, i64 0, i32 28 %19 = load i16, i16* %18, align 2 %20 = icmp eq i16 %19, 0 br i1 %20, label %21, label %22 %23 = getelementptr inbounds %struct.file_operations.162013*, %struct.file_operations.162013** %8, i64 117 %24 = bitcast %struct.file_operations.162013** %23 to i16* %25 = load i16, i16* %24, align 8 %26 = zext i16 %25 to i64 %27 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %0, i64 0, i32 14 %28 = load i64, i64* %27, align 8 %29 = icmp ugt i64 %28, %26 %30 = select i1 %29, i64 %26, i64 %28 %31 = icmp ugt i64 %30, %3 br i1 %31, label %32, label %56 %33 = add i64 %4, %3 %34 = icmp ult i64 %33, %30 %35 = select i1 %34, i64 %33, i64 %30 %36 = sub i64 %35, %3 %37 = call i32 
@ext4_get_inode_loc(%struct.inode.162177* %0, %struct.ext4_iloc.162269* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_inline_data_fiemap 1 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %16 = bitcast %struct.file_operations.100630** %9 to %struct.ext4_inode_info* %17 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %16, i64 0, i32 28 %18 = load i16, i16* %17, align 2 %19 = icmp eq i16 %18, 0 br i1 %19, label %25, label %20 %21 = bitcast i32* %8 to i8* store i32 1, i32* %8, align 4 %22 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.fiemap_extent_info*, i32*, i64, i64)* @ext4_inline_data_fiemap to i32 (%struct.inode.100633*, %struct.fiemap_extent_info*, i32*, i64, i64)*)(%struct.inode.100633* %0, %struct.fiemap_extent_info* %1, i32* nonnull %8, i64 %2, i64 %3) #69 Function:ext4_inline_data_fiemap %6 = alloca %struct.ext4_iloc.162269, align 8 %7 = bitcast %struct.ext4_iloc.162269* %6 to i8* %8 = getelementptr %struct.inode.162177, %struct.inode.162177* %0, i64 -1, i32 38 %9 = getelementptr inbounds %struct.file_operations.162013*, %struct.file_operations.162013** %8, i64 11 %10 = bitcast %struct.file_operations.162013** %9 to %struct.rw_semaphore.161980* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.161980*)*)(%struct.rw_semaphore.161980* %10) #69 %11 = getelementptr inbounds %struct.file_operations.162013*, 
%struct.file_operations.162013** %8, i64 10 %12 = bitcast %struct.file_operations.162013** %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 268435456 %15 = icmp eq i64 %14, 0 br i1 %15, label %21, label %16 %17 = bitcast %struct.file_operations.162013** %8 to %struct.ext4_inode_info.162301* %18 = getelementptr inbounds %struct.ext4_inode_info.162301, %struct.ext4_inode_info.162301* %17, i64 0, i32 28 %19 = load i16, i16* %18, align 2 %20 = icmp eq i16 %19, 0 br i1 %20, label %21, label %22 %23 = getelementptr inbounds %struct.file_operations.162013*, %struct.file_operations.162013** %8, i64 117 %24 = bitcast %struct.file_operations.162013** %23 to i16* %25 = load i16, i16* %24, align 8 %26 = zext i16 %25 to i64 %27 = getelementptr inbounds %struct.inode.162177, %struct.inode.162177* %0, i64 0, i32 14 %28 = load i64, i64* %27, align 8 %29 = icmp ugt i64 %28, %26 %30 = select i1 %29, i64 %26, i64 %28 %31 = icmp ugt i64 %30, %3 br i1 %31, label %32, label %56 %33 = add i64 %4, %3 %34 = icmp ult i64 %33, %30 %35 = select i1 %34, i64 %33, i64 %30 %36 = sub i64 %35, %3 %37 = call i32 @ext4_get_inode_loc(%struct.inode.162177* %0, %struct.ext4_iloc.162269* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 4 %29 = 
icmp eq i32 %28, 0 br i1 %29, label %33, label %30 %31 = call i32 @ext4_ext_precache(%struct.inode.100633* %0) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %333 %34 = load volatile i64, i64* %11, align 8 %35 = and i64 %34, 524288 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %39 %40 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 3) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %333 %43 = load i32, i32* %26, align 8 %44 = and i32 %43, 2 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %0, i64 0, i32 8 %47 = load %struct.super_block.100615*, %struct.super_block.100615** %46, align 8 %48 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %47, i64 0, i32 2 %49 = load i8, i8* %48, align 4 br i1 %45, label %101, label %50 %51 = load volatile i64, i64* %11, align 8 %52 = and i64 %51, 17179869184 %53 = icmp eq i64 %52, 0 br i1 %53, label %84, label %54 %55 = bitcast %struct.ext4_iloc* %5 to i8* %56 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.ext4_iloc.162269*)* @ext4_get_inode_loc to i32 (%struct.inode.100633*, %struct.ext4_iloc*)*)(%struct.inode.100633* %0, %struct.ext4_iloc* nonnull %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = alloca %struct.ext4_iloc, align 8 %6 = alloca %struct.extent_status, align 8 %7 = alloca %struct.ext4_ext_path*, align 8 %8 = alloca i32, align 4 %9 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %10 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %9, i64 10 %11 = bitcast %struct.file_operations.100630** %10 to i64* %12 = load volatile i64, i64* %11, align 8 %13 = and i64 %12, 268435456 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %27 = load i32, i32* %26, 
align 8 %28 = and i32 %27, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %33, label %30 %31 = call i32 @ext4_ext_precache(%struct.inode.100633* %0) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %333 %34 = load volatile i64, i64* %11, align 8 %35 = and i64 %34, 524288 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %39 %40 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 3) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %333 %43 = load i32, i32* %26, align 8 %44 = and i32 %43, 2 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %0, i64 0, i32 8 %47 = load %struct.super_block.100615*, %struct.super_block.100615** %46, align 8 %48 = getelementptr inbounds %struct.super_block.100615, %struct.super_block.100615* %47, i64 0, i32 2 %49 = load i8, i8* %48, align 4 br i1 %45, label %101, label %50 %51 = load volatile i64, i64* %11, align 8 %52 = and i64 %51, 17179869184 %53 = icmp eq i64 %52, 0 br i1 %53, label %84, label %54 %55 = bitcast %struct.ext4_iloc* %5 to i8* %56 = call i32 bitcast (i32 (%struct.inode.162177*, %struct.ext4_iloc.162269*)* @ext4_get_inode_loc to i32 (%struct.inode.100633*, %struct.ext4_iloc*)*)(%struct.inode.100633* %0, %struct.ext4_iloc* nonnull %5) #69 ------------- Good: 57 Bad: 10 Ignored: 62 Check Use of Function:drm_dbg Use: =BAD PATH= Call Stack: 0 i915_perf_remove_config_ioctl ------------- Path:  Function:i915_perf_remove_config_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = bitcast i8* %1 to i64* %8 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.38764, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private** %7 = load %struct.drm_i915_private*, %struct.drm_i915_private** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %7, i64 0, i32 126, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %7, i64 0, i32 126, i32 1 %15 = load %struct.kobject.356495*, %struct.kobject.356495** %14, align 8 %16 = icmp eq %struct.kobject.356495* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %24, label %21 %25 = getelementptr inbounds i8, i8* %1, i64 48 %26 = bitcast i8* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %34, label %29 %30 = getelementptr inbounds i8, i8* %1, i64 36 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %55 %35 = getelementptr inbounds i8, i8* %1, i64 56 %36 = bitcast i8* %35 to i64* %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %44, label %39 %40 = getelementptr inbounds i8, i8* %1, i64 40 %41 = bitcast i8* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %55 %45 = getelementptr inbounds i8, i8* %1, i64 64 %46 = bitcast i8* %45 to i64* %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %54, label %49 %50 = getelementptr inbounds i8, i8* %1, i64 44 %51 = bitcast i8* %50 
to i32* %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %55 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.5.38806, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private** %7 = load %struct.drm_i915_private*, %struct.drm_i915_private** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %7, i64 0, i32 126, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %7, i64 0, i32 126, i32 1 %15 = load %struct.kobject.356495*, %struct.kobject.356495** %14, align 8 %16 = icmp eq %struct.kobject.356495* %15, null br i1 %16, label %17, label %18 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.3.38779, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private** %7 = load %struct.drm_i915_private*, %struct.drm_i915_private** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %7, i64 0, i32 126, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.38764, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt i32 %22, 5 br i1 %26, label %30, label %27 %28 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 7, i32 20 %29 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 7, i32 17 br label %31 %32 = phi i32 [ 0, %27 ], [ %113, %112 ] %33 = phi i8 [ 0, %27 ], [ %114, %112 ] %34 = phi i64 [ 0, %27 ], [ %115, %112 ] %35 = phi i32 [ 0, %27 ], [ %116, %112 ] %36 = phi i32 [ 0, %27 ], [ %117, %112 ] %37 = phi i8 [ 0, %27 ], [ %118, %112 ] %38 = phi i32 [ 0, %27 ], [ %119, %112 ] %39 = phi i64* [ %19, %27 ], [ %120, %112 ] %40 = phi i32 [ 0, %27 ], [ %121, %112 ] %42 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 8, i64 %41) #6, !srcloc !5 %43 = extractvalue { i64*, i64, i64 } %42, 0 %44 = extractvalue { i64*, i64, i64 } %42, 1 %45 = extractvalue { i64*, i64, 
i64 } %42, 2 %46 = ptrtoint i64* %43 to i64 %47 = trunc i64 %46 to i32 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %537 %51 = getelementptr i64, i64* %39, i64 1 %52 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 8, i64 %50) #6, !srcloc !6 %53 = extractvalue { i64*, i64, i64 } %52, 0 %54 = extractvalue { i64*, i64, i64 } %52, 1 %55 = extractvalue { i64*, i64, i64 } %52, 2 %56 = ptrtoint i64* %53 to i64 %57 = trunc i64 %56 to i32 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %541 %60 = add i64 %44, -1 %61 = icmp ugt i64 %60, 4 br i1 %61, label %62, label %63 %64 = trunc i64 %44 to i32 switch i32 %64, label %112 [ i32 1, label %65 i32 2, label %66 i32 3, label %70 i32 4, label %75 i32 5, label %89 i32 6, label %110 ] %90 = icmp ugt i64 %54, 31 br i1 %90, label %91, label %92 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.29.38772, i64 0, i64 0), i32 31) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt i32 
%22, 5 br i1 %26, label %30, label %27 %28 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 7, i32 20 %29 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 7, i32 17 br label %31 %32 = phi i32 [ 0, %27 ], [ %113, %112 ] %33 = phi i8 [ 0, %27 ], [ %114, %112 ] %34 = phi i64 [ 0, %27 ], [ %115, %112 ] %35 = phi i32 [ 0, %27 ], [ %116, %112 ] %36 = phi i32 [ 0, %27 ], [ %117, %112 ] %37 = phi i8 [ 0, %27 ], [ %118, %112 ] %38 = phi i32 [ 0, %27 ], [ %119, %112 ] %39 = phi i64* [ %19, %27 ], [ %120, %112 ] %40 = phi i32 [ 0, %27 ], [ %121, %112 ] %42 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 8, i64 %41) #6, !srcloc !5 %43 = extractvalue { i64*, i64, i64 } %42, 0 %44 = extractvalue { i64*, i64, i64 } %42, 1 %45 = extractvalue { i64*, i64, i64 } %42, 2 %46 = ptrtoint i64* %43 to i64 %47 = trunc i64 %46 to i32 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %537 %51 = getelementptr i64, i64* %39, i64 1 %52 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 8, i64 %50) #6, !srcloc !6 %53 = extractvalue { i64*, i64, i64 } %52, 0 %54 = extractvalue { i64*, i64, i64 } %52, 1 %55 = extractvalue { i64*, i64, i64 } %52, 2 %56 = ptrtoint i64* %53 to i64 %57 = trunc i64 %56 to i32 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %541 %60 = add i64 %44, -1 %61 = icmp ugt i64 %60, 4 br i1 %61, label %62, label %63 %64 = trunc i64 %44 to i32 switch i32 %64, label %112 [ i32 1, label %65 i32 2, label %66 i32 3, label %70 i32 4, label %75 i32 5, label %89 i32 6, label %110 ] %76 = add i64 %54, -1 %77 = icmp ugt i64 %76, 9 br i1 %77, label %78, label %80 %81 = load %struct.util_est*, %struct.util_est** %29, align 8 %82 = getelementptr %struct.util_est, %struct.util_est* %81, i64 %54, i32 1 %83 = 
load i32, i32* %82, align 4 %84 = icmp eq i32 %83, 0 br i1 %84, label %85, label %87 %86 = extractvalue { i64*, i64, i64 } %52, 1 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.28.38771, i64 0, i64 0), i64 %86) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt i32 %22, 5 br i1 %26, label %30, label %27 %28 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 7, i32 20 %29 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 7, i32 17 br label %31 %32 = phi i32 [ 0, %27 ], [ %113, %112 ] %33 = phi i8 [ 0, %27 ], [ %114, %112 ] %34 = phi i64 [ 0, %27 ], [ %115, %112 ] %35 = phi i32 [ 0, %27 ], [ %116, %112 ] %36 = phi i32 [ 0, %27 ], [ %117, %112 ] %37 = phi i8 [ 0, %27 ], [ %118, %112 ] %38 = phi i32 [ 0, %27 ], [ %119, %112 ] %39 = phi i64* [ %19, %27 ], [ %120, %112 ] %40 = phi i32 [ 0, %27 ], [ %121, %112 ] %42 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 8, i64 %41) #6, !srcloc !5 %43 = extractvalue { i64*, i64, i64 } %42, 0 %44 = extractvalue { i64*, i64, i64 } %42, 1 %45 = extractvalue { i64*, i64, i64 } %42, 2 %46 = ptrtoint i64* %43 to i64 %47 = trunc i64 %46 to i32 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %537 %51 = getelementptr i64, i64* %39, i64 1 %52 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 8, i64 %50) #6, !srcloc !6 %53 = extractvalue { i64*, i64, i64 } %52, 0 %54 = extractvalue { i64*, i64, i64 } %52, 1 %55 = extractvalue { i64*, i64, i64 } %52, 2 %56 = ptrtoint i64* %53 to i64 %57 = trunc i64 %56 to i32 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %541 %60 = add i64 %44, -1 %61 = icmp ugt i64 %60, 4 br i1 %61, label %62, label %63 %64 = trunc i64 %44 to i32 switch i32 %64, label %112 [ i32 1, label %65 i32 2, label %66 i32 3, label %70 i32 4, label %75 i32 5, label %89 i32 6, label %110 ] %76 = add i64 %54, -1 %77 = icmp ugt i64 %76, 9 br i1 %77, label %78, label %80 %79 = extractvalue { i64*, i64, i64 } %52, 1 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.27.38770, i64 0, i64 0), i64 %79) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt i32 %22, 5 br i1 %26, label %30, label %27 %28 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 7, i32 20 %29 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 7, i32 17 br label %31 %32 = phi i32 [ 0, %27 ], [ %113, %112 ] %33 = phi i8 [ 0, %27 ], [ %114, %112 ] %34 = phi i64 [ 0, %27 ], [ %115, %112 ] %35 = phi i32 [ 0, %27 ], [ %116, %112 ] %36 = phi i32 [ 0, %27 ], [ %117, %112 ] %37 = phi i8 [ 0, %27 ], [ %118, %112 ] %38 = phi i32 [ 0, %27 ], [ %119, %112 ] %39 = phi i64* [ %19, %27 ], [ %120, %112 ] %40 = phi i32 [ 0, %27 ], [ %121, %112 ] %42 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 8, i64 %41) #6, !srcloc !5 %43 = extractvalue { i64*, i64, i64 } %42, 0 %44 = extractvalue { i64*, i64, i64 } %42, 1 %45 = extractvalue 
{ i64*, i64, i64 } %42, 2 %46 = ptrtoint i64* %43 to i64 %47 = trunc i64 %46 to i32 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %537 %51 = getelementptr i64, i64* %39, i64 1 %52 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 8, i64 %50) #6, !srcloc !6 %53 = extractvalue { i64*, i64, i64 } %52, 0 %54 = extractvalue { i64*, i64, i64 } %52, 1 %55 = extractvalue { i64*, i64, i64 } %52, 2 %56 = ptrtoint i64* %53 to i64 %57 = trunc i64 %56 to i32 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %541 %60 = add i64 %44, -1 %61 = icmp ugt i64 %60, 4 br i1 %61, label %62, label %63 %64 = trunc i64 %44 to i32 switch i32 %64, label %112 [ i32 1, label %65 i32 2, label %66 i32 3, label %70 i32 4, label %75 i32 5, label %89 i32 6, label %110 ] %71 = icmp eq i64 %54, 0 br i1 %71, label %72, label %73 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.26.38769, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt 
i32 %22, 5 br i1 %26, label %30, label %27 %28 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 7, i32 20 %29 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 7, i32 17 br label %31 %32 = phi i32 [ 0, %27 ], [ %113, %112 ] %33 = phi i8 [ 0, %27 ], [ %114, %112 ] %34 = phi i64 [ 0, %27 ], [ %115, %112 ] %35 = phi i32 [ 0, %27 ], [ %116, %112 ] %36 = phi i32 [ 0, %27 ], [ %117, %112 ] %37 = phi i8 [ 0, %27 ], [ %118, %112 ] %38 = phi i32 [ 0, %27 ], [ %119, %112 ] %39 = phi i64* [ %19, %27 ], [ %120, %112 ] %40 = phi i32 [ 0, %27 ], [ %121, %112 ] %42 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 8, i64 %41) #6, !srcloc !5 %43 = extractvalue { i64*, i64, i64 } %42, 0 %44 = extractvalue { i64*, i64, i64 } %42, 1 %45 = extractvalue { i64*, i64, i64 } %42, 2 %46 = ptrtoint i64* %43 to i64 %47 = trunc i64 %46 to i32 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %537 %51 = getelementptr i64, i64* %39, i64 1 %52 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 8, i64 %50) #6, !srcloc !6 %53 = extractvalue { i64*, i64, i64 } %52, 0 %54 = extractvalue { i64*, i64, i64 } %52, 1 %55 = extractvalue { i64*, i64, i64 } %52, 2 %56 = ptrtoint i64* %53 to i64 %57 = trunc i64 %56 to i32 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %541 %60 = add i64 %44, -1 %61 = icmp ugt i64 %60, 4 br i1 %61, label %62, label %63 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.25.38768, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 %26 = icmp ugt i32 %22, 5 br i1 %26, label %30, label %27 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([48 x i8], [48 x i8]* @.str.24.38767, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 %17 = getelementptr inbounds i8, i8* %1, i64 8 %18 = bitcast i8* %17 to i64** %19 = load i64*, i64** %18, align 8 %20 = getelementptr inbounds i8, i8* %1, i64 4 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.23.38766, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = bitcast i8* %1 to i32* %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 8 br i1 %14, label %16, label %15 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.1.38765, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private** %6 = load %struct.drm_i915_private*, %struct.drm_i915_private** %5, align 8 %7 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %6, i64 0, i32 126, i32 0 %8 = load i8, i8* %7, align 8, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.38764, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.356675* %0 to %struct.drm_i915_private.361496* %5 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 12, i32 44 %6 = bitcast %struct.drm_sg_mem.356583** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %10 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.37065, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = bitcast %struct.drm_device.356675* %0 to %struct.drm_i915_private.361496* %6 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 12, i32 44 %7 = bitcast %struct.drm_sg_mem.356583** %6 to %struct.intel_overlay** %8 = load %struct.intel_overlay*, %struct.intel_overlay** %7, align 8 %9 = icmp eq %struct.intel_overlay* %8, null br i1 %9, label %10, label %11 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.37065, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode.356479, %struct.inode.356479* %0, i64 0, i32 46 %4 = bitcast i8** %3 to %struct.drm_i915_private** %5 = load %struct.drm_i915_private*, %struct.drm_i915_private** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %5, i64 0, i32 7, i32 2 %7 = load i8, i8* %6, align 4 %8 = icmp ult i8 %7, 6 br i1 %8, label %10, label %9 tail call void @intel_uncore_forcewake_user_put(%struct.drm_i915_private* %5) #69 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 0 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #69 %4 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 13, i32 13, i32 0 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label 
%19 %9 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.drm_i915_private* %0) #69 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 13 %3 = bitcast [5 x i8]* %2 to i40* %4 = load i40, i40* %3, align 1 %5 = and i40 %4, 1024 %6 = icmp eq i40 %5, 0 br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 271104 %11 = bitcast i8* %10 to i32* %12 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %11) #6, !srcloc !4 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %18, !prof !5, !misexpect !6 %15 = load i8*, i8** %8, align 8 %16 = getelementptr i8, i8* %15, i64 271104 %17 = bitcast i8* %16 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %17) #6, !srcloc !7 br label %18 %19 = phi i8 [ 0, %1 ], [ 1, %14 ], [ 0, %7 ] %20 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 7 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 2359296 %23 = icmp eq i32 %22, 0 br i1 %23, label %39, label %24 %40 = phi i8 [ %38, %36 ], [ %19, %18 ] %41 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 7, i32 1 %42 = load i16, i16* %41, align 2 %43 = and i16 %42, 96 %44 = icmp eq i16 %43, 0 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %0, i64 0, i32 12 %47 = load i8*, i8** %46, align 8 %48 = getelementptr i8, i8* %47, i64 1179648 %49 = bitcast i8* %48 to i32* %50 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %49) #6, !srcloc !4 %51 = icmp ne i32 %50, 0 br i1 %51, label %52, label %56, !prof !5, !misexpect !9 tail call void (i32, i8*, 
...) @drm_dbg(i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.54.35613, i64 0, i64 0), i32 %50) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %12, label %11 %13 = getelementptr inbounds i8, i8* %1, i64 40 %14 = bitcast i8* %13 to i64* %15 = load i64, i64* %14, align 8 %16 = and i64 %15, -1048384 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %232 %19 = and i64 %15, 524288 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %31 %22 = getelementptr inbounds i8, i8* %1, i64 28 %23 = bitcast i8* %22 to i32* %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %232 %27 = getelementptr inbounds i8, i8* %1, i64 32 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %232 %32 = getelementptr inbounds i8, i8* %1, i64 24 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, -1 br i1 %35, label %42, label %36 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.5.34721, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %12, label %11 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.34720, i64 0, i64 0), i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer_ioctl ------------- Path:  Function:i915_gem_execbuffer_ioctl %4 = alloca %struct.drm_i915_gem_execbuffer2, align 8 %5 = bitcast %struct.drm_i915_gem_execbuffer2* %4 to i8* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 %14 = bitcast i8* %1 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 1 store i32 %8, i32* %17, align 8 %18 = getelementptr inbounds i8, i8* %1, i64 12 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 2 store i32 %20, i32* %21, align 4 %22 = getelementptr inbounds i8, i8* %1, i64 16 %23 = bitcast i8* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 3 store i32 %24, i32* %25, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 20 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 4 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds i8, i8* %1, i64 24 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 8 %33 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 5 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds i8, i8* %1, 
i64 28 %35 = bitcast i8* %34 to i32* %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 6 store i32 %36, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %1, i64 32 %39 = bitcast i8* %38 to i64* %40 = load i64, i64* %39, align 8 %41 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 7 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 8 store i64 1, i64* %42, align 8 %43 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 9 store i64 0, i64* %43, align 8 %44 = icmp eq i32 %36, 0 %45 = icmp eq i64 %40, 0 %46 = and i1 %44, %45 br i1 %46, label %47, label %143 %48 = icmp eq i32 %32, -1 br i1 %48, label %52, label %49 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.5.34721, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer_ioctl ------------- Path:  Function:i915_gem_execbuffer_ioctl %4 = alloca %struct.drm_i915_gem_execbuffer2, align 8 %5 = bitcast %struct.drm_i915_gem_execbuffer2* %4 to i8* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.34720, i64 0, i64 0), i64 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_context_create_ioctl ------------- Path:  Function:i915_gem_context_create_ioctl %4 = bitcast %struct.drm_device.356675* %0 to %struct.drm_i915_private* %5 = getelementptr inbounds %struct.drm_file.356545, %struct.drm_file.356545* %2, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.drm_i915_file_private** %7 = load %struct.drm_i915_file_private*, %struct.drm_i915_file_private** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private, %struct.drm_i915_private* %4, i64 0, i32 8, i32 1 %9 = load i8, i8* %8, align 4 %10 = and i8 %9, 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %45, label %12 %13 = getelementptr inbounds i8, i8* %1, i64 4 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %45 %18 = getelementptr inbounds %struct.drm_i915_file_private, %struct.drm_i915_file_private* %7, i64 0, i32 6, i32 0 %19 = load volatile i32, i32* %18, align 4 %20 = icmp sgt i32 %19, 8 br i1 %20, label %21, label %31 %22 = tail call %struct.task_struct.356421* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.356421** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.356421**)) #10, !srcloc !4 %23 = getelementptr inbounds %struct.task_struct.356421, %struct.task_struct.356421* %22, i64 0, i32 79, i64 0 %24 = tail call %struct.pid.356281* bitcast (%struct.pid.45783* (%struct.task_struct.46154*, i32)* @get_task_pid to %struct.pid.356281* (%struct.task_struct.356421*, i32)*)(%struct.task_struct.356421* %22, i32 0) #69 %25 = icmp eq %struct.pid.356281* %24, null br i1 %25, label %29, label %26 %30 = phi i32 [ %28, %26 ], [ 0, %21 ] tail call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.34701, i64 0, i64 0), i8* %23, i32 %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file.356487, %struct.file.356487* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_state** %7 = load %struct.i915_gpu_state*, %struct.i915_gpu_state** %6, align 8 %8 = icmp eq %struct.i915_gpu_state* %7, null br i1 %8, label %12, label %9 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.32.34587, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.356487, %struct.file.356487* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.356205** %9 = load %struct.seq_file.356205*, %struct.seq_file.356205** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.356205, %struct.seq_file.356205* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private** %12 = load %struct.drm_i915_private*, %struct.drm_i915_private** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %54, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %54 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.49.34570, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %28 %29 = call i32 
@kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %54 %32 = load i32, i32* %5, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 call void (i32, i8*, ...) @drm_dbg(i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.51.34572, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.356487, %struct.file.356487* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.356205** %9 = load %struct.seq_file.356205*, %struct.seq_file.356205** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.356205, %struct.seq_file.356205* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private** %12 = load %struct.drm_i915_private*, %struct.drm_i915_private** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %54, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %54 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.49.34570, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %28 store i32 5, i32* %5, align 4 br label %34 %35 = phi i32 [ 5, %27 ], [ %32, %31 ] call void (i32, i8*, ...) 
@drm_dbg(i32 4, i8* getelementptr inbounds ([45 x i8], [45 x i8]* @.str.50.34571, i64 0, i64 0), i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr %struct.kobject.356495, %struct.kobject.356495* %1, i64 -1, i32 5 %8 = getelementptr inbounds %struct.kernfs_node.356494*, %struct.kernfs_node.356494** %7, i64 19 %9 = bitcast %struct.kernfs_node.356494** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = getelementptr inbounds i8, i8* %10, i64 16 %12 = bitcast i8* %11 to %struct.drm_i915_private.361496** %13 = load %struct.drm_i915_private.361496*, %struct.drm_i915_private.361496** %12, align 8 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.33391, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = bitcast %struct.drm_device.356675* %0 to %struct.drm_i915_private* %5 = getelementptr inbounds %struct.drm_device.356675, %struct.drm_device.356675* %0, i64 0, i32 43 %6 = load %struct.pci_dev.356579*, %struct.pci_dev.356579** %5, align 8 %7 = bitcast i8* %1 to i32* %8 = load i32, i32* %7, align 8 switch i32 %8, label %197 [ i32 1, label %206 i32 2, label %206 i32 3, label %206 i32 14, label %206 i32 4, label %9 i32 32, label %13 i32 6, label %17 i32 7, label %20 i32 10, label %26 i32 11, label %32 i32 22, label %38 i32 31, label %44 i32 17, label %50 i32 27, label %57 i32 18, label %67 i32 20, label %69 i32 23, label %75 i32 28, label %82 i32 33, label %84 i32 34, label %129 i32 35, label %136 i32 36, label %144 i32 38, label %151 i32 39, label %158 i32 42, label %164 i32 40, label %169 i32 41, label %171 i32 30, label %198 i32 5, label %198 i32 8, label %198 i32 9, label %198 i32 12, label %198 i32 13, label %198 i32 15, label %198 i32 16, label %198 i32 19, label %198 i32 21, label %198 i32 24, label %198 i32 25, label %198 i32 26, label 
%198 i32 29, label %198 i32 37, label %198 i32 43, label %198 i32 44, label %198 i32 45, label %198 i32 48, label %198 i32 49, label %198 i32 50, label %175 i32 46, label %177 i32 47, label %184 i32 51, label %191 ] tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.166.33231, i64 0, i64 0), i32 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = getelementptr inbounds %struct.file.89922, %struct.file.89922* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file.89575** %7 = load %struct.seq_file.89575*, %struct.seq_file.89575** %6, align 8 %8 = getelementptr inbounds %struct.seq_file.89575, %struct.seq_file.89575* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.drm_crtc.355940** %10 = load %struct.drm_crtc.355940*, %struct.drm_crtc.355940** %9, align 8 %11 = icmp eq i64 %2, 0 br i1 %11, label %40, label %12 %13 = icmp ugt i64 %2, 4095 br i1 %13, label %14, label %15 tail call void (i32, i8*, ...) 
@drm_dbg(i32 4, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.33060, i64 0, i64 0), i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %8 = tail call i64 bitcast (i64 (%struct.file.353874*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.365662*, i32, i64)*)(%struct.file.365662* %0, i32 %1, i64 %2) #69 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.353874, %struct.file.353874* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = icmp ugt i32 %4, 184 br i1 %7, label %8, label %10 %11 = zext i32 %4 to i64 %12 = getelementptr [185 x %struct.anon.74.353875], [185 x %struct.anon.74.353875]* @drm_compat_ioctls, i64 0, i64 %11, i32 0 %13 = load i32 (%struct.file.353874*, i32, i64)*, i32 (%struct.file.353874*, i32, i64)** %12, align 16 %14 = icmp eq i32 (%struct.file.353874*, i32, i64)* %13, null br i1 %14, label %15, label %17 %18 = tail call %struct.task_struct.353762* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.353762** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.353762**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.353762, %struct.task_struct.353762* %18, i64 0, i32 47 %20 = load i32, i32* %19, align 16 %21 = getelementptr inbounds i8, i8* %6, i64 48 %22 = bitcast i8* %21 to %struct.drm_minor.353922** %23 = load %struct.drm_minor.353922*, %struct.drm_minor.353922** %22, align 8 %24 = getelementptr inbounds %struct.drm_minor.353922, %struct.drm_minor.353922* %23, i64 0, i32 2 %25 = load %struct.device.353917*, %struct.device.353917** %24, align 8 %26 = getelementptr inbounds %struct.device.353917, %struct.device.353917* %25, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = lshr i32 %27, 20 %29 = shl nuw nsw i32 %28, 8 %30 = 
or i32 %29, %27 %31 = and i32 %30, 65535 %32 = zext i32 %31 to i64 %33 = load i8, i8* %6, align 8 %34 = and i8 %33, 1 %35 = zext i8 %34 to i32 %36 = getelementptr [185 x %struct.anon.74.353875], [185 x %struct.anon.74.353875]* @drm_compat_ioctls, i64 0, i64 %11, i32 1 %37 = load i8*, i8** %36, align 8 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.32940, i64 0, i64 0), i32 %20, i64 %32, i32 %35, i8* %37) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_noop ------------- Path:  Function:drm_noop tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.31604, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds i8, i8* %7, i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load 
%struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %37, i64 0, i32 49 %39 = load %struct.drm_ioctl_desc.336808*, %struct.drm_ioctl_desc.336808** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %8, %31 ] %53 = phi %struct.drm_ioctl_desc.336808* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 47 %72 = load i32, i32* %71, align 16 %73 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %74 = getelementptr 
inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %73, i64 0, i32 2 %75 = load %struct.device.14383*, %struct.device.14383** %74, align 8 %76 = getelementptr inbounds %struct.device.14383, %struct.device.14383* %75, i64 0, i32 28 %77 = load i32, i32* %76, align 8 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = load i8, i8* %7, align 8 %84 = and i8 %83, 1 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.31710, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.365662* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %35 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.365947* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.365947** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.365947**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.365947, %struct.task_struct.365947* %12, i64 0, i32 161, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 
%15, %11 br i1 %16, label %35, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* %21 = call i32 asm sideeffect "\0A1:\09movl ${1:k},$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,ir,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i32 -14, i32 0) #6, !srcloc !8 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %35, !prof !10, !misexpect !11 %24 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = inttoptr i64 %26 to i32* call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A 
.long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %28 = getelementptr inbounds i8, i8* %10, i64 8 %29 = bitcast i8* %28 to %struct.__large_struct* %30 = call i32 asm sideeffect "\0A1:\09movq $1,$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,er,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %35, !prof !10, !misexpect !11 %33 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.365662*, i32, i64)*)(%struct.file.365662* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds i8, i8* %7, i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, 
%struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %37, i64 0, i32 49 %39 = load %struct.drm_ioctl_desc.336808*, %struct.drm_ioctl_desc.336808** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %8, %31 ] %53 = phi %struct.drm_ioctl_desc.336808* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = 
and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 47 %72 = load i32, i32* %71, align 16 %73 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %73, i64 0, i32 2 %75 = load %struct.device.14383*, %struct.device.14383** %74, align 8 %76 = getelementptr inbounds %struct.device.14383, %struct.device.14383* %75, i64 0, i32 28 %77 = load i32, i32* %76, align 8 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = load i8, i8* %7, align 8 %84 = and i8 %83, 1 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.31710, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds i8, i8* %7, i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %125 = phi i32 [ %52, %120 ], [ %8, %42 ], [ %8, %25 ] %126 = phi i32 [ %122, %120 ], [ -22, %42 ], [ -22, %25 ] %127 = phi i8* [ %121, %120 ], [ null, %42 ], [ null, %25 ] %128 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %128, i64 0, i32 47 %130 = load i32, i32* %129, align 16 %131 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %132 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %131, i64 0, i32 2 %133 = load %struct.device.14383*, %struct.device.14383** %132, align 8 %134 = getelementptr inbounds %struct.device.14383, %struct.device.14383* %133, i64 0, i32 28 %135 = load i32, i32* %134, align 8 %136 = lshr i32 %135, 20 %137 = shl nuw nsw i32 %136, 8 %138 = or i32 %137, %135 %139 = and i32 %138, 65535 %140 = zext i32 %139 to i64 %141 = load i8, i8* %7, align 8 %142 = and i8 %141, 1 %143 = zext i8 %142 to i32 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([66 x i8], [66 x i8]* @.str.3.31712, i64 0, i64 0), i32 %130, i64 %140, i32 %143, i32 %1, i32 %125) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.365662* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %35 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.365947* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.365947** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.365947**)) 
#10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.365947, %struct.task_struct.365947* %12, i64 0, i32 161, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 %15, %11 br i1 %16, label %35, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* %21 = call i32 asm sideeffect "\0A1:\09movl ${1:k},$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,ir,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i32 -14, i32 0) #6, !srcloc !8 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %35, !prof !10, !misexpect !11 %24 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = 
inttoptr i64 %26 to i32* call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %28 = getelementptr inbounds i8, i8* %10, i64 8 %29 = bitcast i8* %28 to %struct.__large_struct* %30 = call i32 asm sideeffect "\0A1:\09movq $1,$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,er,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %35, !prof !10, !misexpect !11 %33 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.365662*, i32, i64)*)(%struct.file.365662* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds i8, i8* %7, 
i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %125 = phi i32 [ %52, %120 ], [ %8, %42 ], [ %8, %25 ] %126 = phi i32 [ %122, %120 ], [ -22, %42 ], [ -22, %25 ] %127 = phi i8* [ %121, %120 ], [ null, %42 ], [ null, %25 ] %128 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %128, i64 0, i32 47 %130 = load i32, i32* %129, align 16 %131 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %132 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %131, i64 0, i32 2 %133 = load %struct.device.14383*, %struct.device.14383** %132, align 8 %134 = getelementptr inbounds 
%struct.device.14383, %struct.device.14383* %133, i64 0, i32 28 %135 = load i32, i32* %134, align 8 %136 = lshr i32 %135, 20 %137 = shl nuw nsw i32 %136, 8 %138 = or i32 %137, %135 %139 = and i32 %138, 65535 %140 = zext i32 %139 to i64 %141 = load i8, i8* %7, align 8 %142 = and i8 %141, 1 %143 = zext i8 %142 to i32 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([66 x i8], [66 x i8]* @.str.3.31712, i64 0, i64 0), i32 %130, i64 %140, i32 %143, i32 %1, i32 %125) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds i8, i8* %7, i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 
= icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %37, i64 0, i32 49 %39 = load %struct.drm_ioctl_desc.336808*, %struct.drm_ioctl_desc.336808** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %8, %31 ] %53 = phi %struct.drm_ioctl_desc.336808* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 47 %72 = load i32, i32* %71, align 16 %73 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %73, i64 0, i32 2 %75 = load %struct.device.14383*, %struct.device.14383** %74, align 8 %76 = getelementptr inbounds %struct.device.14383, 
%struct.device.14383* %75, i64 0, i32 28 %77 = load i32, i32* %76, align 8 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = load i8, i8* %7, align 8 %84 = and i8 %83, 1 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.31710, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 %88 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 2 %89 = bitcast {}** %88 to i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)** %90 = load i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)*, i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)** %89, align 8 %91 = icmp eq i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)* %90, null br i1 %91, label %92, label %93, !prof !6, !misexpect !7 %94 = icmp ult i32 %69, 129 br i1 %94, label %99, label %95 %100 = phi i8* [ %97, %95 ], [ %9, %93 ] %101 = inttoptr i64 %2 to i8* %102 = zext i32 %63 to i64 %103 = call i64 @_copy_from_user(i8* %100, i8* %101, i64 %102) #69 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %120 %106 = icmp ugt i32 %69, %63 br i1 %106, label %107, label %111 %108 = getelementptr i8, i8* %100, i64 %102 %109 = sub nsw i32 %69, %63 %110 = zext i32 %109 to i64 br label %111 %112 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 1 %113 = load i32, i32* %112, align 4 %114 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)* nonnull %90, i8* %100, i32 %113) #70 %115 = trunc i64 %114 to i32 %116 = zext i32 %65 to i64 %117 = call i64 @_copy_to_user(i8* %101, i8* %100, i64 %116) #69 %118 = icmp eq i64 %117, 0 
%119 = select i1 %118, i32 %115, i32 -14 br label %120 %121 = phi i8* [ null, %92 ], [ null, %95 ], [ %100, %99 ], [ %100, %111 ] %122 = phi i32 [ -22, %92 ], [ -12, %95 ], [ -14, %99 ], [ %119, %111 ] %123 = icmp eq %struct.drm_ioctl_desc.336808* %53, null br i1 %123, label %124, label %144 %145 = phi i32 [ %122, %120 ], [ %126, %124 ] %146 = phi i8* [ %121, %120 ], [ %127, %124 ] %147 = icmp eq i8* %146, %9 br i1 %147, label %149, label %148 %150 = icmp eq i32 %145, 0 br i1 %150, label %155, label %151 %152 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %153 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %152, i64 0, i32 47 %154 = load i32, i32* %153, align 16 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.4.31713, i64 0, i64 0), i32 %154, i32 %145) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.365662* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %35 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.365947* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.365947** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.365947**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.365947, %struct.task_struct.365947* %12, i64 0, i32 161, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 %15, %11 br i1 %16, label %35, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* %21 = call i32 asm sideeffect "\0A1:\09movl ${1:k},$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,ir,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i32 -14, i32 0) #6, !srcloc !8 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %35, !prof !10, !misexpect !11 %24 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = 
zext i32 %25 to i64 %27 = inttoptr i64 %26 to i32* call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %28 = getelementptr inbounds i8, i8* %10, i64 8 %29 = bitcast i8* %28 to %struct.__large_struct* %30 = call i32 asm sideeffect "\0A1:\09movq $1,$2\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,er,*m,i,0,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !12 call void asm sideeffect "661:\0A\09\0A662:\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A\09.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %35, !prof !10, !misexpect !11 %33 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.365662*, i32, i64)*)(%struct.file.365662* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = and i32 %1, 255 %9 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %10 = 
getelementptr inbounds i8, i8* %7, i64 48 %11 = bitcast i8* %10 to %struct.drm_minor.336794** %12 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %12, i64 0, i32 3 %14 = load %struct.drm_device.336851*, %struct.drm_device.336851** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.341016*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.336851*, i32*)*)(%struct.drm_device.336851* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %8, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.336851, %struct.drm_device.336851* %14, i64 0, i32 4 %27 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %27, i64 0, i32 50 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.336809*, %struct.drm_driver.336809** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.336809, %struct.drm_driver.336809* %37, i64 0, i32 49 %39 = load %struct.drm_ioctl_desc.336808*, %struct.drm_ioctl_desc.336808** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %8, %31 ] %53 = phi %struct.drm_ioctl_desc.336808* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds 
%struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 47 %72 = load i32, i32* %71, align 16 %73 = load %struct.drm_minor.336794*, %struct.drm_minor.336794** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.336794, %struct.drm_minor.336794* %73, i64 0, i32 2 %75 = load %struct.device.14383*, %struct.device.14383** %74, align 8 %76 = getelementptr inbounds %struct.device.14383, %struct.device.14383* %75, i64 0, i32 28 %77 = load i32, i32* %76, align 8 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = load i8, i8* %7, align 8 %84 = and i8 %83, 1 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) 
@drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.31710, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 %88 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 2 %89 = bitcast {}** %88 to i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)** %90 = load i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)*, i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)** %89, align 8 %91 = icmp eq i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)* %90, null br i1 %91, label %92, label %93, !prof !6, !misexpect !7 %94 = icmp ult i32 %69, 129 br i1 %94, label %99, label %95 %100 = phi i8* [ %97, %95 ], [ %9, %93 ] %101 = inttoptr i64 %2 to i8* %102 = zext i32 %63 to i64 %103 = call i64 @_copy_from_user(i8* %100, i8* %101, i64 %102) #69 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %120 %106 = icmp ugt i32 %69, %63 br i1 %106, label %107, label %111 %108 = getelementptr i8, i8* %100, i64 %102 %109 = sub nsw i32 %69, %63 %110 = zext i32 %109 to i64 br label %111 %112 = getelementptr inbounds %struct.drm_ioctl_desc.336808, %struct.drm_ioctl_desc.336808* %53, i64 0, i32 1 %113 = load i32, i32* %112, align 4 %114 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.336851*, i8*, %struct.drm_file.336796*)* nonnull %90, i8* %100, i32 %113) #70 %115 = trunc i64 %114 to i32 %116 = zext i32 %65 to i64 %117 = call i64 @_copy_to_user(i8* %101, i8* %100, i64 %116) #69 %118 = icmp eq i64 %117, 0 %119 = select i1 %118, i32 %115, i32 -14 br label %120 %121 = phi i8* [ null, %92 ], [ null, %95 ], [ %100, %99 ], [ %100, %111 ] %122 = phi i32 [ -22, %92 ], [ -12, %95 ], [ -14, %99 ], [ %119, %111 ] %123 = icmp eq %struct.drm_ioctl_desc.336808* %53, null br i1 %123, label %124, label %144 %145 = phi i32 [ %122, %120 ], [ %126, %124 ] %146 = phi i8* [ %121, %120 ], [ %127, %124 ] %147 = icmp eq i8* %146, %9 br i1 %147, label %149, label %148 
%150 = icmp eq i32 %145, 0 br i1 %150, label %155, label %151 %152 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !5 %153 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %152, i64 0, i32 47 %154 = load i32, i32* %153, align 16 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.4.31713, i64 0, i64 0), i32 %154, i32 %145) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_stub_open ------------- Path:  Function:drm_stub_open tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.31743, i64 0, i64 0)) #69 ------------- Good: 2948 Bad: 36 Ignored: 1361 Check Use of Function:drm_cleanup_buf_error Check Use of Function:kmalloc_array.31530 Check Use of Function:__order_base_2.31526 Check Use of Function:blk_rq_unmap_user Check Use of Function:ring_buffer_discard_commit Check Use of Function:blk_rq_map_user Check Use of Function:security_sb_umount Check Use of Function:compat_nf_setsockopt Check Use of Function:blk_rq_map_user_iov Check Use of Function:nfs_umount_begin Check Use of Function:perf_kprobe_init Check Use of Function:qdisc_create Check Use of Function:freeze_bdev Check Use of Function:mq_leaf Check Use of Function:rtnl_configure_link Check Use of Function:qdisc_graft Check Use of Function:qdisc_lookup Check Use of Function:__dquot_free_space Check Use of Function:free_msg Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __ia32_compat_sys_mq_timedreceive ------------- Path:  Function:__ia32_compat_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @compat_get_timespec64(%struct.anon.48* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load 
%struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load 
%struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.225192*)*)(%struct.inode.225192* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.48* %104 to i8* %112 = bitcast %struct.anon.48* %105 to i8* %113 = bitcast %struct.anon.48* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to 
%struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.225134** %141 = load %struct.task_struct.225134*, %struct.task_struct.225134** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.50485*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.225134*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.225134* %141) #69 %142 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.48* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.48* %24 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.48* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.48* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 
%33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne 
%struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.225192*)*)(%struct.inode.225192* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.48* %104 to i8* %112 = bitcast %struct.anon.48* %105 to i8* %113 = bitcast %struct.anon.48* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, 
%struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.225134** %141 = load %struct.task_struct.225134*, %struct.task_struct.225134** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.50485*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.225134*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.225134* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.48* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.48* %20 = call i32 @get_timespec64(%struct.anon.48* nonnull %2, %struct.anon.48* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.48* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.48* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.48* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %23, i64 0, i32 96 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.225184* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.225184, 
%struct.file.225184* %35, i64 0, i32 2 %39 = load %struct.inode.225192*, %struct.inode.225192** %38, align 8 %40 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 3 %41 = load %struct.file_operations.225181*, %struct.file_operations.225181** %40, align 8 %42 = icmp eq %struct.file_operations.225181* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.225192, %struct.inode.225192* %39, i64 -1, i32 46 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 32 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = 
bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.126536*)* @current_time to { i64, i64 } (%struct.inode.225192*)*)(%struct.inode.225192* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.225192, %struct.inode.225192* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.48* %104 to i8* %112 = bitcast %struct.anon.48* %105 to i8* %113 = bitcast %struct.anon.48* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 
%127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.225134** %141 = load %struct.task_struct.225134*, %struct.task_struct.225134** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.50485*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.225134*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.225134* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void 
@wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Good: 5 Bad: 3 Ignored: 0 Check Use of Function:gen_replace_estimator Check Use of Function:xt_compat_add_offset Check Use of Function:mq_select_queue Check Use of Function:__ftrace_trace_stack Check Use of Function:sd_pr_preempt Check Use of Function:write_pool_user Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #69 ------------- Good: 1 Bad: 2 Ignored: 0 Check Use of Function:nfs_atomic_open Check Use of Function:kernfs_xattr_get Check Use of Function:dm_pr_release Check Use of Function:proc_lookupfdinfo Check Use of Function:ptep_set_access_flags Check Use of Function:_credit_init_bits Check Use of Function:nfs_create Check Use of Function:vfat_revalidate Check Use of 
Function:dm_pr_reserve Check Use of Function:kbd_rate Check Use of Function:fsnotify Check Use of Function:sd_pr_clear Check Use of Function:shmem_create Check Use of Function:md_ioctl Use: =BAD PATH= Call Stack: 0 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.533489* %0, i32 %1, i32 %2, i64 %8) #69 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:ext4_mark_inode_dirty Check Use of Function:ext4_lookup Check Use of Function:__vfs_removexattr Check Use of Function:sd_ioctl Check Use of Function:alloc_file_pseudo Check Use of Function:compat_import_iovec Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __se_sys_socketcall 3 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = 
zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %213 = inttoptr i64 %43 to %struct.user_msghdr* %214 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %215 = load i64, i64* %214, align 16 %216 = trunc i64 %215 to i32 %217 = bitcast %struct.msghdr.230061* %5 to i8* %218 = icmp sgt i32 %216, -1 br i1 %218, label %219, label %247 %220 = trunc i64 %41 to i32 %221 = call i64 @__fdget(i32 %220) #69 %222 = and 
i64 %221, -4 %223 = inttoptr i64 %222 to %struct.file.230059* %224 = trunc i64 %221 to i32 %225 = icmp eq i64 %222, 0 br i1 %225, label %247, label %226 %227 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 3 %228 = load %struct.file_operations.230044*, %struct.file_operations.230044** %227, align 8 %229 = icmp eq %struct.file_operations.230044* %228, @socket_file_ops br i1 %229, label %230, label %235 %231 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 16 %232 = bitcast i8** %231 to %struct.socket.230347** %233 = load %struct.socket.230347*, %struct.socket.230347** %232, align 8 %234 = icmp eq %struct.socket.230347* %233, null br i1 %234, label %235, label %240, !prof !6, !misexpect !8 %241 = and i32 %224, 1 %242 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %233, %struct.user_msghdr* %213, %struct.msghdr.230061* nonnull %5, i32 %216, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, 
%struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = 
load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __se_sys_socketcall 3 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x 
i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %213 = inttoptr i64 %43 to %struct.user_msghdr* %214 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %215 = load i64, i64* %214, align 16 %216 = trunc i64 %215 to i32 %217 = bitcast %struct.msghdr.230061* %5 to i8* %218 = icmp sgt i32 %216, -1 br i1 %218, label %219, label %247 %220 = 
trunc i64 %41 to i32 %221 = call i64 @__fdget(i32 %220) #69 %222 = and i64 %221, -4 %223 = inttoptr i64 %222 to %struct.file.230059* %224 = trunc i64 %221 to i32 %225 = icmp eq i64 %222, 0 br i1 %225, label %247, label %226 %227 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 3 %228 = load %struct.file_operations.230044*, %struct.file_operations.230044** %227, align 8 %229 = icmp eq %struct.file_operations.230044* %228, @socket_file_ops br i1 %229, label %230, label %235 %231 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %223, i64 0, i32 16 %232 = bitcast i8** %231 to %struct.socket.230347** %233 = load %struct.socket.230347*, %struct.socket.230347** %232, align 8 %234 = icmp eq %struct.socket.230347* %233, null br i1 %234, label %235, label %240, !prof !6, !misexpect !8 %241 = and i32 %224, 1 %242 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %233, %struct.user_msghdr* %213, %struct.msghdr.230061* nonnull %5, i32 %216, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 
@get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, 
label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __sys_sendmmsg 3 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 
0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 
%66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %228 = zext i32 %92 to i64 %229 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %230 = load i32, i32* %229, align 8 %231 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %232 = load i32, i32* %231, align 4 %233 = inttoptr i64 %228 to %struct.mmsghdr* %234 = or i32 %232, -2147483648 %235 = call i32 @__sys_sendmmsg(i32 %90, %struct.mmsghdr* %233, i32 %230, i32 %234, i1 zeroext false) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 
3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = 
getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = 
getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __sys_sendmmsg 3 __ia32_compat_sys_sendmmsg ------------- Path:  Function:__ia32_compat_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 
%9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = inttoptr i64 %6 to %struct.mmsghdr* %15 = or i32 %13, -2147483648 %16 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %14, i32 %12, i32 %15, i1 zeroext false) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = 
phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, 
%struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, 
%struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __sys_sendmmsg 3 __ia32_sys_sendmmsg ------------- Path:  Function:__ia32_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.mmsghdr* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %12, i32 %13, i32 %14, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, 
i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi %struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 
%15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = 
getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __sys_sendmmsg 3 __x64_sys_sendmmsg ------------- Path:  Function:__x64_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.mmsghdr** %6 = load %struct.mmsghdr*, %struct.mmsghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = 
load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %6, i32 %12, i32 %13, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.msghdr.230061, align 8 %7 = alloca %struct.used_address, align 8 %8 = bitcast %struct.msghdr.230061* %6 to i8* %9 = bitcast %struct.used_address* %7 to i8* %10 = xor i1 %4, true %11 = icmp sgt i32 %3, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %91 %14 = icmp ult i32 %2, 1024 %15 = select i1 %14, i32 %2, i32 1024 %16 = tail call i64 @__fdget(i32 %0) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %91, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = getelementptr inbounds %struct.used_address, %struct.used_address* %7, i64 0, i32 1 store i32 -1, i32* %37, align 8 %38 = icmp eq i32 %15, 0 br i1 %38, label %81, label %39 %40 = or i32 %3, 262144 %41 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %42 = add nsw i32 %15, -1 %43 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %6, i64 0, i32 2, i32 2 br label %44 %45 = phi i32 [ %40, %39 ], [ %50, %78 ] %46 = phi i32 [ 0, %39 ], [ %75, %78 ] %47 = phi 
%struct.mmsghdr* [ %1, %39 ], [ %72, %78 ] %48 = phi %struct.compat_mmsghdr* [ %41, %39 ], [ %71, %78 ] %49 = icmp eq i32 %46, %42 %50 = select i1 %49, i32 %3, i32 %45 %51 = icmp sgt i32 %50, -1 br i1 %51, label %61, label %52 %62 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %47, i64 0, i32 0 %63 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %62, %struct.msghdr.230061* nonnull %6, i32 %50, %struct.used_address* nonnull %7, i32 128) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, 
i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = 
getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __ia32_sys_sendmsg ------------- Path:  Function:__ia32_sys_sendmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %7 to %struct.user_msghdr* %11 = trunc i64 %9 to i32 %12 = bitcast %struct.msghdr.230061* %2 to i8* %13 = icmp sgt i32 %11, -1 br i1 %13, label %14, label %45 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %42, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = 
call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %10, %struct.msghdr.230061* nonnull %2, i32 %11, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds 
%struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 
@compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __x64_sys_sendmsg ------------- Path:  Function:__x64_sys_sendmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.user_msghdr** %7 = load %struct.user_msghdr*, %struct.user_msghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.msghdr.230061* %2 to i8* %12 = icmp sgt i32 %10, -1 br i1 %12, label %13, label %44 %14 = trunc i64 %4 to i32 %15 = tail call i64 @__fdget(i32 %14) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.230059* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %41, label %20 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 3 %22 = load %struct.file_operations.230044*, %struct.file_operations.230044** %21, align 8 %23 = icmp eq %struct.file_operations.230044* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.230347** %27 = load %struct.socket.230347*, %struct.socket.230347** %26, align 8 %28 = icmp eq %struct.socket.230347* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %27, %struct.user_msghdr* %7, %struct.msghdr.230061* nonnull %2, i32 %10, %struct.used_address* null, i32 0) #69 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = 
alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt 
i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_sendmsg 2 __sys_sendmsg 3 __ia32_compat_sys_sendmsg ------------- Path:  Function:__ia32_compat_sys_sendmsg %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.msghdr.230061, align 8 %6 = bitcast %struct.msghdr.230061* %5 to i8* %7 = xor i1 %3, true %8 = icmp sgt i32 %2, -1 %9 = or i1 %8, %7 br i1 %9, label %10, label %40 %11 = tail call i64 @__fdget(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.230059* %14 = trunc i64 %11 to i32 %15 = icmp eq i64 %12, 0 br i1 %15, label %37, label %16 %17 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 3 %18 = load %struct.file_operations.230044*, %struct.file_operations.230044** %17, align 8 %19 = icmp eq %struct.file_operations.230044* %18, @socket_file_ops br i1 %19, label %20, label %25 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 16 %22 = bitcast i8** %21 to %struct.socket.230347** %23 = load %struct.socket.230347*, %struct.socket.230347** %22, align 8 %24 = icmp eq %struct.socket.230347* %23, null br i1 %24, label %25, label %30, !prof !4, !misexpect !5 %31 = and i32 %14, 1 %32 = call fastcc i32 @___sys_sendmsg(%struct.socket.230347* nonnull %23, %struct.user_msghdr* %1, %struct.msghdr.230061* nonnull %5, i32 %2, %struct.used_address* null, i32 0) #70 Function:___sys_sendmsg %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca %struct.iovec*, align 8 %10 = alloca [36 x i8], align 8 %11 = bitcast 
%struct.__kernel_sockaddr_storage* %7 to i8* %12 = bitcast [8 x %struct.iovec]* %8 to i8* %13 = bitcast %struct.iovec** %9 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %9, align 8 %15 = getelementptr inbounds [36 x i8], [36 x i8]* %10, i64 0, i64 0 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %2, i64 0, i32 0 %17 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %7, %struct.__kernel_sockaddr_storage** %17, align 8 %18 = icmp sgt i32 %3, -1 br i1 %18, label %22, label %19 %20 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %21 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %20, %struct.sys_desc_table** null, %struct.iovec** nonnull %9) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 
%23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __sys_recvmmsg 3 __ia32_compat_sys_recvmmsg ------------- Path:  Function:__ia32_compat_sys_recvmmsg %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = trunc i64 %4 to i32 %16 = trunc i64 %9 to i32 %17 = trunc i64 %11 to i32 %18 = bitcast %struct.anon.48* %2 to i8* %19 = icmp eq i64 %14, 0 br i1 %19, label %20, label %24 %25 = inttoptr i64 %14 to i8* %26 = call i32 @compat_get_timespec(%struct.anon.48* nonnull %2, i8* nonnull %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %37 %29 = inttoptr i64 %7 to %struct.mmsghdr* %30 = or i32 %17, -2147483648 %31 = call i32 @__sys_recvmmsg(i32 %15, %struct.mmsghdr* %29, i32 %16, i32 %30, %struct.anon.48* nonnull %2) #69 Function:__sys_recvmmsg %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.msghdr.230061, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = bitcast %struct.msghdr.230061* %7 to i8* %11 = bitcast %struct.anon.48* %8 to i8* %12 = bitcast %struct.anon.48* %9 to i8* %13 = icmp eq %struct.anon.48* %4, null br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = call i32 @poll_select_set_timeout(%struct.anon.48* nonnull %8, i64 %16, i64 %18) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %143 %22 = call i64 @__fdget(i32 %0) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.230059* %25 = trunc i64 %22 to 
i32 %26 = icmp eq i64 %23, 0 br i1 %26, label %143, label %27 %28 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 3 %29 = load %struct.file_operations.230044*, %struct.file_operations.230044** %28, align 8 %30 = icmp eq %struct.file_operations.230044* %29, @socket_file_ops br i1 %30, label %31, label %36 %32 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 16 %33 = bitcast i8** %32 to %struct.socket.230347** %34 = load %struct.socket.230347*, %struct.socket.230347** %33, align 8 %35 = icmp eq %struct.socket.230347* %34, null br i1 %35, label %36, label %41, !prof !4, !misexpect !5 %42 = and i32 %25, 1 %43 = and i32 %3, 8192 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %55, !prof !6, !misexpect !5 %46 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %34, i64 0, i32 5 %47 = load %struct.sock.230350*, %struct.sock.230350** %46, align 8 %48 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %47, i64 0, i32 48 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %55, label %51, !prof !6, !misexpect !5 %56 = phi i32 [ 0, %45 ], [ 0, %51 ], [ -9, %41 ] %57 = icmp eq i32 %2, 0 br i1 %57, label %137, label %58 %59 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %60 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 %61 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 %62 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %63 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %64 = bitcast %struct.anon.48* %6 to i8* %65 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %68 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 
%69 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %7, i64 0, i32 5 br label %70 %71 = phi i32 [ %3, %58 ], [ %104, %124 ] %72 = phi i32 [ 0, %58 ], [ %101, %124 ] %73 = phi %struct.mmsghdr* [ %1, %58 ], [ %98, %124 ] %74 = phi %struct.compat_mmsghdr* [ %59, %58 ], [ %97, %124 ] %75 = icmp sgt i32 %71, -1 br i1 %75, label %86, label %76 %87 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %73, i64 0, i32 0 %88 = and i32 %71, -65537 %89 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %34, %struct.user_msghdr* %87, %struct.msghdr.230061* nonnull %7, i32 %88, i32 %72) #70 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast 
%struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, 
%struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __sys_recvmmsg 3 __ia32_sys_recvmmsg ------------- Path:  Function:__ia32_sys_recvmmsg %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = trunc i64 %4 to i32 %16 = inttoptr i64 %7 to %struct.mmsghdr* %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = bitcast %struct.anon.48* %2 to i8* %20 = icmp sgt i32 %18, -1 br i1 %20, label %21, label %36 %22 = icmp eq i64 %14, 0 br i1 %22, label %23, label %25 %26 = inttoptr i64 %14 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %19, i8* nonnull %26, i64 16) #69 %28 = icmp eq i64 %27, 0 br 
i1 %28, label %29, label %36 %30 = call i32 @__sys_recvmmsg(i32 %15, %struct.mmsghdr* %16, i32 %17, i32 %18, %struct.anon.48* nonnull %2) #69 Function:__sys_recvmmsg %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.msghdr.230061, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = bitcast %struct.msghdr.230061* %7 to i8* %11 = bitcast %struct.anon.48* %8 to i8* %12 = bitcast %struct.anon.48* %9 to i8* %13 = icmp eq %struct.anon.48* %4, null br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = call i32 @poll_select_set_timeout(%struct.anon.48* nonnull %8, i64 %16, i64 %18) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %143 %22 = call i64 @__fdget(i32 %0) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.230059* %25 = trunc i64 %22 to i32 %26 = icmp eq i64 %23, 0 br i1 %26, label %143, label %27 %28 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 3 %29 = load %struct.file_operations.230044*, %struct.file_operations.230044** %28, align 8 %30 = icmp eq %struct.file_operations.230044* %29, @socket_file_ops br i1 %30, label %31, label %36 %32 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 16 %33 = bitcast i8** %32 to %struct.socket.230347** %34 = load %struct.socket.230347*, %struct.socket.230347** %33, align 8 %35 = icmp eq %struct.socket.230347* %34, null br i1 %35, label %36, label %41, !prof !4, !misexpect !5 %42 = and i32 %25, 1 %43 = and i32 %3, 8192 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %55, !prof !6, !misexpect !5 %46 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %34, i64 0, i32 5 %47 = load %struct.sock.230350*, %struct.sock.230350** %46, align 8 %48 = getelementptr inbounds 
%struct.sock.230350, %struct.sock.230350* %47, i64 0, i32 48 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %55, label %51, !prof !6, !misexpect !5 %56 = phi i32 [ 0, %45 ], [ 0, %51 ], [ -9, %41 ] %57 = icmp eq i32 %2, 0 br i1 %57, label %137, label %58 %59 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %60 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 %61 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 %62 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %63 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %64 = bitcast %struct.anon.48* %6 to i8* %65 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %68 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %69 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %7, i64 0, i32 5 br label %70 %71 = phi i32 [ %3, %58 ], [ %104, %124 ] %72 = phi i32 [ 0, %58 ], [ %101, %124 ] %73 = phi %struct.mmsghdr* [ %1, %58 ], [ %98, %124 ] %74 = phi %struct.compat_mmsghdr* [ %59, %58 ], [ %97, %124 ] %75 = icmp sgt i32 %71, -1 br i1 %75, label %86, label %76 %87 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %73, i64 0, i32 0 %88 = and i32 %71, -65537 %89 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %34, %struct.user_msghdr* %87, %struct.msghdr.230061* nonnull %7, i32 %88, i32 %72) #70 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to 
i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 
= icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __sys_recvmmsg 3 __x64_sys_recvmmsg ------------- Path:  Function:__x64_sys_recvmmsg %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.mmsghdr** %7 = load %struct.mmsghdr*, %struct.mmsghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %9 to i32 %16 = trunc i64 %11 to i32 %17 = bitcast %struct.anon.48* %2 to i8* %18 = icmp sgt i32 %16, -1 br i1 %18, label %19, label %34 %20 = icmp eq i64 %13, 0 br i1 %20, label %21, label %23 %24 = inttoptr i64 %13 to i8* %25 = call i64 @_copy_from_user(i8* nonnull %17, i8* nonnull %24, i64 16) #69 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %34 %28 = call i32 @__sys_recvmmsg(i32 %14, %struct.mmsghdr* %7, i32 %15, i32 %16, %struct.anon.48* nonnull %2) #69 Function:__sys_recvmmsg %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.msghdr.230061, align 8 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.anon.48, align 8 %10 = bitcast %struct.msghdr.230061* %7 to i8* %11 = bitcast %struct.anon.48* %8 to i8* %12 = bitcast %struct.anon.48* %9 to i8* %13 = icmp eq %struct.anon.48* %4, null br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = call i32 @poll_select_set_timeout(%struct.anon.48* nonnull %8, i64 %16, i64 %18) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %143 %22 = call i64 @__fdget(i32 %0) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.230059* %25 = trunc i64 %22 
to i32 %26 = icmp eq i64 %23, 0 br i1 %26, label %143, label %27 %28 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 3 %29 = load %struct.file_operations.230044*, %struct.file_operations.230044** %28, align 8 %30 = icmp eq %struct.file_operations.230044* %29, @socket_file_ops br i1 %30, label %31, label %36 %32 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %24, i64 0, i32 16 %33 = bitcast i8** %32 to %struct.socket.230347** %34 = load %struct.socket.230347*, %struct.socket.230347** %33, align 8 %35 = icmp eq %struct.socket.230347* %34, null br i1 %35, label %36, label %41, !prof !4, !misexpect !5 %42 = and i32 %25, 1 %43 = and i32 %3, 8192 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %55, !prof !6, !misexpect !5 %46 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %34, i64 0, i32 5 %47 = load %struct.sock.230350*, %struct.sock.230350** %46, align 8 %48 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %47, i64 0, i32 48 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %55, label %51, !prof !6, !misexpect !5 %56 = phi i32 [ 0, %45 ], [ 0, %51 ], [ -9, %41 ] %57 = icmp eq i32 %2, 0 br i1 %57, label %137, label %58 %59 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %60 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 0 %61 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %8, i64 0, i32 1 %62 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 0 %63 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %9, i64 0, i32 1 %64 = bitcast %struct.anon.48* %6 to i8* %65 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 0 %68 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %4, i64 0, i32 
1 %69 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %7, i64 0, i32 5 br label %70 %71 = phi i32 [ %3, %58 ], [ %104, %124 ] %72 = phi i32 [ 0, %58 ], [ %101, %124 ] %73 = phi %struct.mmsghdr* [ %1, %58 ], [ %98, %124 ] %74 = phi %struct.compat_mmsghdr* [ %59, %58 ], [ %97, %124 ] %75 = icmp sgt i32 %71, -1 br i1 %75, label %86, label %76 %87 = getelementptr %struct.mmsghdr, %struct.mmsghdr* %73, i64 0, i32 0 %88 = and i32 %71, -65537 %89 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %34, %struct.user_msghdr* %87, %struct.msghdr.230061* nonnull %7, i32 %88, i32 %72) #70 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast 
%struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, 
%struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __ia32_sys_recvmsg ------------- Path:  Function:__ia32_sys_recvmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %7 to %struct.user_msghdr* %11 = trunc i64 %9 to i32 %12 = bitcast %struct.msghdr.230061* %2 to i8* %13 = icmp sgt i32 %11, -1 br i1 %13, label %14, label %45 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.230059* %19 = trunc i64 %16 to i32 %20 = icmp eq i64 %17, 0 br i1 %20, label %42, label %21 %22 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 3 %23 = load %struct.file_operations.230044*, %struct.file_operations.230044** %22, align 8 %24 = icmp eq %struct.file_operations.230044* %23, @socket_file_ops br i1 %24, label %25, label %30 %26 = 
getelementptr inbounds %struct.file.230059, %struct.file.230059* %18, i64 0, i32 16 %27 = bitcast i8** %26 to %struct.socket.230347** %28 = load %struct.socket.230347*, %struct.socket.230347** %27, align 8 %29 = icmp eq %struct.socket.230347* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %36 = and i32 %19, 1 %37 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %28, %struct.user_msghdr* %10, %struct.msghdr.230061* nonnull %2, i32 %11, i32 0) #69 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 
28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = 
getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __x64_sys_recvmsg ------------- Path:  Function:__x64_sys_recvmsg %2 = alloca %struct.msghdr.230061, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.user_msghdr** %7 = load %struct.user_msghdr*, %struct.user_msghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.msghdr.230061* %2 to i8* %12 = icmp sgt i32 %10, -1 br i1 %12, label %13, label %44 %14 = trunc i64 %4 to i32 %15 = tail call i64 @__fdget(i32 %14) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.230059* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %41, label %20 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 3 %22 = load %struct.file_operations.230044*, %struct.file_operations.230044** %21, align 8 %23 = icmp eq %struct.file_operations.230044* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.230347** %27 = load 
%struct.socket.230347*, %struct.socket.230347** %26, align 8 %28 = icmp eq %struct.socket.230347* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %27, %struct.user_msghdr* %7, %struct.msghdr.230061* nonnull %2, i32 %10, i32 0) #69 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* 
%5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store %struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 
= zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 ___sys_recvmsg 2 __sys_recvmsg 3 __ia32_compat_sys_recvmsg ------------- Path:  Function:__ia32_compat_sys_recvmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_recvmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_recvmsg %5 = alloca %struct.msghdr.230061, align 8 %6 = bitcast %struct.msghdr.230061* %5 to i8* %7 = xor i1 %3, true %8 = icmp sgt i32 %2, -1 %9 = or i1 %8, %7 br i1 %9, label %10, label %40 %11 = tail call i64 @__fdget(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.230059* %14 = trunc i64 %11 to i32 %15 = icmp eq i64 %12, 0 br i1 %15, label %37, label %16 %17 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 3 %18 = load %struct.file_operations.230044*, %struct.file_operations.230044** %17, align 8 %19 = icmp eq %struct.file_operations.230044* %18, @socket_file_ops br i1 %19, label %20, label %25 %21 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %13, i64 0, i32 16 %22 = 
bitcast i8** %21 to %struct.socket.230347** %23 = load %struct.socket.230347*, %struct.socket.230347** %22, align 8 %24 = icmp eq %struct.socket.230347* %23, null br i1 %24, label %25, label %30, !prof !4, !misexpect !5 %31 = and i32 %14, 1 %32 = call fastcc i32 @___sys_recvmsg(%struct.socket.230347* nonnull %23, %struct.user_msghdr* %1, %struct.msghdr.230061* nonnull %5, i32 %2, i32 0) #70 Function:___sys_recvmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca [8 x %struct.iovec], align 16 %8 = alloca %struct.iovec*, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %12 = bitcast [8 x %struct.iovec]* %7 to i8* %13 = bitcast %struct.iovec** %8 to i8* %14 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %7, i64 0, i64 0 store %struct.iovec* %14, %struct.iovec** %8, align 8 %15 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %16 = bitcast %struct.sys_desc_table** %10 to i8* %17 = icmp sgt i32 %3, -1 %18 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %11, i64 0, i32 1 %19 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %1, i64 0, i32 1 %20 = select i1 %17, i32* %19, i32* %18 %21 = bitcast %struct.msghdr.230061* %2 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %9, %struct.__kernel_sockaddr_storage** %21, align 8 br i1 %17, label %24, label %22 %23 = call i32 @get_compat_msghdr(%struct.msghdr.230061* %2, %struct.x86_pmu_capability* %11, %struct.sys_desc_table** nonnull %10, %struct.iovec** nonnull %8) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %67 %11 = getelementptr inbounds 
%struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %67, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %67, label %58 %59 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 6 store 
%struct.kiocb.230060* null, %struct.kiocb.230060** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %0, i64 0, i32 2 %66 = call i32 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_process_vm_rw 1 __ia32_compat_sys_process_vm_writev ------------- Path:  Function:__ia32_compat_sys_process_vm_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to %struct.util_est* %21 = inttoptr i64 %12 to %struct.util_est* %22 = tail call fastcc i64 @compat_process_vm_rw(i32 %19, %struct.util_est* %20, i64 %9, %struct.util_est* %21, i64 %15, i64 %18, i32 1) #69 Function:compat_process_vm_rw %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.iovec*, align 8 %12 = alloca %struct.iov_iter, align 8 %13 = 
bitcast [8 x %struct.iovec]* %8 to i8* %14 = bitcast [8 x %struct.iovec]* %9 to i8* %15 = bitcast %struct.iovec** %10 to i8* %16 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %16, %struct.iovec** %10, align 8 %17 = bitcast %struct.iovec** %11 to i8* %18 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 store %struct.iovec* %18, %struct.iovec** %11, align 8 %19 = bitcast %struct.iov_iter* %12 to i8* %20 = icmp eq i64 %5, 0 br i1 %20, label %21, label %47 %22 = icmp ne i32 %6, 0 %23 = zext i1 %22 to i32 %24 = trunc i64 %2 to i32 %25 = call i32 @compat_import_iovec(i32 %23, %struct.util_est* %1, i32 %24, i32 8, %struct.iovec** nonnull %10, %struct.iov_iter* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_process_vm_rw 1 __ia32_compat_sys_process_vm_readv ------------- Path:  Function:__ia32_compat_sys_process_vm_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to %struct.util_est* %21 = inttoptr i64 %12 to %struct.util_est* %22 = tail call fastcc i64 @compat_process_vm_rw(i32 %19, %struct.util_est* %20, i64 %9, %struct.util_est* %21, i64 %15, 
i64 %18, i32 0) #69 Function:compat_process_vm_rw %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.iovec*, align 8 %12 = alloca %struct.iov_iter, align 8 %13 = bitcast [8 x %struct.iovec]* %8 to i8* %14 = bitcast [8 x %struct.iovec]* %9 to i8* %15 = bitcast %struct.iovec** %10 to i8* %16 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %16, %struct.iovec** %10, align 8 %17 = bitcast %struct.iovec** %11 to i8* %18 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 store %struct.iovec* %18, %struct.iovec** %11, align 8 %19 = bitcast %struct.iov_iter* %12 to i8* %20 = icmp eq i64 %5, 0 br i1 %20, label %21, label %47 %22 = icmp ne i32 %6, 0 %23 = zext i1 %22 to i32 %24 = trunc i64 %2 to i32 %25 = call i32 @compat_import_iovec(i32 %23, %struct.util_est* %1, i32 %24, i32 8, %struct.iovec** nonnull %10, %struct.iov_iter* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv64 ------------- Path:  Function:__ia32_compat_sys_preadv64 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %10 to %struct.util_est* %17 = bitcast i64* %5 to i8* store i64 %15, i64* %5, align 8 %18 = trunc i64 %7 to i32 %19 = tail call i64 @__fdget(i32 %18) #69 %20 = and i64 %19, 
-4 %21 = inttoptr i64 %20 to %struct.file.39652* %22 = icmp eq i64 %20, 0 br i1 %22, label %59, label %23 %24 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %21, i64 0, i32 8 %25 = load i32, i32* %24, align 4 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %54, label %28 %29 = bitcast [8 x %struct.iovec]* %2 to i8* %30 = bitcast %struct.iovec** %3 to i8* %31 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %31, %struct.iovec** %3, align 8 %32 = bitcast %struct.iov_iter* %4 to i8* %33 = trunc i64 %12 to i32 %34 = call i32 @compat_import_iovec(i32 0, %struct.util_est* %16, i32 %33, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv ------------- Path:  Function:__ia32_compat_sys_preadv %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %10 to %struct.util_est* %19 = trunc i64 %12 to i32 %20 = shl i64 %17, 32 %21 = or i64 %20, %15 %22 = bitcast i64* %5 to i8* store i64 %21, i64* %5, align 8 %23 = icmp slt i64 %21, 0 br i1 %23, label %65, label %24 %25 = trunc i64 %7 to i32 %26 = tail call i64 @__fdget(i32 %25) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to 
%struct.file.39652* %29 = icmp eq i64 %27, 0 br i1 %29, label %65, label %30 %31 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %28, i64 0, i32 8 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 8 %34 = icmp eq i32 %33, 0 br i1 %34, label %60, label %35 %36 = bitcast [8 x %struct.iovec]* %2 to i8* %37 = bitcast %struct.iovec** %3 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %3, align 8 %39 = bitcast %struct.iov_iter* %4 to i8* %40 = call i32 @compat_import_iovec(i32 0, %struct.util_est* %18, i32 %19, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv64v2 ------------- Path:  Function:__ia32_compat_sys_preadv64v2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %10 to %struct.util_est* %19 = trunc i64 %17 to i32 %20 = bitcast i64* %5 to i8* store i64 %15, i64* %5, align 8 %21 = trunc i64 %7 to i32 %22 = tail call i64 @__fdget(i32 %21) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.39652* %25 = icmp eq i64 %23, 0 br i1 %25, label %62, label %26 %27 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %24, i64 0, i32 
8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %57, label %31 %32 = bitcast [8 x %struct.iovec]* %2 to i8* %33 = bitcast %struct.iovec** %3 to i8* %34 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %34, %struct.iovec** %3, align 8 %35 = bitcast %struct.iov_iter* %4 to i8* %36 = trunc i64 %12 to i32 %37 = call i32 @compat_import_iovec(i32 0, %struct.util_est* %18, i32 %36, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = trunc i64 %11 to i32 %25 = inttoptr i64 %14 to %struct.util_est* %26 = trunc i64 %16 to i32 %27 = trunc i64 %23 to i32 %28 = shl i64 %21, 32 %29 = or i64 %28, %19 %30 = icmp eq i64 %29, -1 br i1 %30, label %31, label %78 %79 = bitcast i64* %8 to i8* store i64 %29, i64* %8, align 8 
%80 = icmp slt i64 %29, 0 br i1 %80, label %121, label %81 %82 = tail call i64 @__fdget(i32 %24) #69 %83 = and i64 %82, -4 %84 = inttoptr i64 %83 to %struct.file.39652* %85 = icmp eq i64 %83, 0 br i1 %85, label %121, label %86 %87 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %84, i64 0, i32 8 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 8 %90 = icmp eq i32 %89, 0 br i1 %90, label %116, label %91 %92 = bitcast [8 x %struct.iovec]* %2 to i8* %93 = bitcast %struct.iovec** %3 to i8* %94 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %94, %struct.iovec** %3, align 8 %95 = bitcast %struct.iov_iter* %4 to i8* %96 = call i32 @compat_import_iovec(i32 0, %struct.util_est* %25, i32 %26, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %8 to %struct.util_est* %21 = trunc i64 %18 to i32 %22 = shl i64 %16, 32 %23 = or i64 %22, %14 %24 = icmp eq i64 %23, -1 br i1 %24, label %25, label %49 
%50 = bitcast i64* %2 to i8* store i64 %23, i64* %2, align 8 %51 = icmp slt i64 %23, 0 br i1 %51, label %69, label %52 %53 = tail call i64 @__fdget(i32 %19) #69 %54 = and i64 %53, -4 %55 = inttoptr i64 %54 to %struct.file.39652* %56 = icmp eq i64 %54, 0 br i1 %56, label %69, label %57 %58 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %55, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = and i32 %59, 16 %61 = icmp eq i32 %60, 0 br i1 %61, label %64, label %62 %63 = call fastcc i64 @compat_writev(%struct.file.39652* nonnull %55, %struct.util_est* %20, i64 %11, i64* nonnull %2, i32 %21) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i32 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev64v2 ------------- Path:  Function:__ia32_compat_sys_pwritev64v2 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load 
i64, i64* %14, align 8 %16 = inttoptr i64 %7 to %struct.util_est* %17 = trunc i64 %15 to i32 %18 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %19 = trunc i64 %4 to i32 %20 = tail call i64 @__fdget(i32 %19) #69 %21 = and i64 %20, -4 %22 = inttoptr i64 %21 to %struct.file.39652* %23 = icmp eq i64 %21, 0 br i1 %23, label %36, label %24 %25 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %22, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 16 %28 = icmp eq i32 %27, 0 br i1 %28, label %31, label %29 %30 = call fastcc i64 @compat_writev(%struct.file.39652* nonnull %22, %struct.util_est* %16, i64 %10, i64* nonnull %2, i32 %17) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i32 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev ------------- Path:  Function:__ia32_compat_sys_pwritev %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = inttoptr i64 %7 to %struct.util_est* %17 = shl i64 %15, 32 %18 = or i64 %17, %13 %19 = bitcast i64* %2 to i8* store i64 %18, i64* %2, align 8 %20 = icmp slt i64 %18, 0 br i1 %20, label %39, label %21 %22 = trunc i64 %4 to i32 %23 = tail call i64 @__fdget(i32 %22) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.39652* %26 = icmp eq i64 %24, 0 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %25, i64 0, i32 8 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 16 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32 %33 = call fastcc i64 @compat_writev(%struct.file.39652* nonnull %25, %struct.util_est* %16, i64 %10, i64* nonnull %2, i32 0) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i32 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev64 ------------- Path:  Function:__ia32_compat_sys_pwritev64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to %struct.util_est* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.39652* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call fastcc i64 @compat_writev(%struct.file.39652* nonnull %19, %struct.util_est* %14, i64 %10, i64* nonnull %2, i32 0) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i32 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_vmsplice ------------- Path:  Function:__ia32_compat_sys_vmsplice %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = 
load i64, i64* %12, align 8 %14 = trunc i64 %6 to i32 %15 = inttoptr i64 %9 to %struct.util_est* %16 = trunc i64 %11 to i32 %17 = trunc i64 %13 to i32 %18 = bitcast [8 x %struct.iovec]* %2 to i8* %19 = bitcast %struct.iovec** %3 to i8* %20 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %20, %struct.iovec** %3, align 8 %21 = bitcast %struct.iov_iter* %4 to i8* %22 = call i64 @__fdget(i32 %14) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.130191* %25 = trunc i64 %22 to i32 %26 = icmp eq i64 %23, 0 br i1 %26, label %53, label %27 %28 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %24, i64 0, i32 8 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 2 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %39 %33 = and i32 %29, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 %40 = phi i32 [ 1, %27 ], [ 0, %32 ] %41 = call i32 @compat_import_iovec(i32 %40, %struct.util_est* %15, i32 %16, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = 
trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %72 = inttoptr i64 %11 to %struct.util_est* %73 = bitcast [8 x %struct.iovec]* %2 to i8* %74 = bitcast %struct.iovec** %3 to i8* %75 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %75, %struct.iovec** %3, align 8 %76 = bitcast %struct.iov_iter* %4 to i8* %77 = icmp eq i32 %19, 0 %78 = select i1 %77, i32 0, i32 %20 %79 = call i32 @compat_import_iovec(i32 1, %struct.util_est* %72, i32 %78, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Good: 5 Bad: 35 Ignored: 0 Check Use of Function:blk_rq_init Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 blk_execute_rq_nowait 4 blk_execute_rq 5 bsg_ioctl ------------- Path:  Function:bsg_ioctl %4 = alloca %struct.sg_io_v4, align 8 %5 = getelementptr inbounds %struct.file.264090, %struct.file.264090* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.bsg_device** %7 = load %struct.bsg_device*, %struct.bsg_device** %6, align 8 %8 = inttoptr i64 %2 to i32* switch i32 %1, label %211 [ i32 8816, label %9 i32 8817, label %14 i32 8834, label %31 i32 21378, label %31 i32 21382, label %31 i32 8705, label %31 i32 8706, label %31 i32 8818, label %31 i32 8821, label %31 i32 8707, label %31 i32 1, label %31 i32 8837, label %39 ] %40 = bitcast %struct.sg_io_v4* %4 to i8* %41 = inttoptr i64 %2 to i8* %42 = call i64 @_copy_from_user(i8* nonnull %40, i8* %41, i64 160) #69 %43 = icmp eq i64 %42, 0 br 
i1 %43, label %44, label %209 %45 = getelementptr inbounds %struct.bsg_device, %struct.bsg_device* %7, i64 0, i32 0 %46 = load %struct.request_queue.263977*, %struct.request_queue.263977** %45, align 8 %47 = getelementptr inbounds %struct.file.264090, %struct.file.264090* %0, i64 0, i32 8 %48 = load i32, i32* %47, align 4 %49 = getelementptr inbounds %struct.request_queue.263977, %struct.request_queue.263977* %46, i64 0, i32 78, i32 0 %50 = load %struct.device.263915*, %struct.device.263915** %49, align 8 %51 = icmp eq %struct.device.263915* %50, null br i1 %51, label %166, label %52 %53 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 81 br i1 %55, label %56, label %166 %57 = getelementptr inbounds %struct.request_queue.263977, %struct.request_queue.263977* %46, i64 0, i32 78, i32 3 %58 = load %struct.bsg_ops.263974*, %struct.bsg_ops.263974** %57, align 8 %59 = getelementptr inbounds %struct.bsg_ops.263974, %struct.bsg_ops.263974* %58, i64 0, i32 0 %60 = load i32 (%struct.sg_io_v4*)*, i32 (%struct.sg_io_v4*)** %59, align 8 %61 = call i32 %60(%struct.sg_io_v4* nonnull %4) #69 %62 = icmp eq i32 %61, 0 br i1 %62, label %66, label %63 %64 = sext i32 %61 to i64 %65 = inttoptr i64 %64 to %struct.request.263930* br label %163 %164 = phi %struct.request.263930* [ %65, %63 ], [ %162, %156 ], [ %71, %66 ], [ %71, %134 ], [ %71, %128 ] %165 = icmp ugt %struct.request.263930* %164, inttoptr (i64 -4096 to %struct.request.263930*) br i1 %165, label %166, label %169 %170 = getelementptr inbounds %struct.request.263930, %struct.request.263930* %164, i64 0, i32 9 %171 = load %struct.bio.263989*, %struct.bio.263989** %170, align 8 %172 = getelementptr inbounds %struct.request.263930, %struct.request.263930* %164, i64 0, i32 32 %173 = load %struct.request.263930*, %struct.request.263930** %172, align 8 %174 = icmp eq %struct.request.263930* %173, null br i1 %174, label %178, label %175 %179 = phi 
%struct.bio.263989* [ %177, %175 ], [ null, %169 ] %180 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 18 %181 = load i32, i32* %180, align 4 %182 = lshr i32 %181, 4 %183 = and i32 %182, 1 %184 = xor i32 %183, 1 %185 = load %struct.request_queue.263977*, %struct.request_queue.263977** %45, align 8 call void bitcast (void (%struct.request_queue.251458*, %struct.gendisk.251466*, %struct.request.251405*, i32)* @blk_execute_rq to void (%struct.request_queue.263977*, %struct.gendisk.263985*, %struct.request.263930*, i32)*)(%struct.request_queue.263977* %185, %struct.gendisk.263985* null, %struct.request.263930* %164, i32 %184) #69 Function:blk_execute_rq %5 = alloca %struct.completion, align 8 %6 = bitcast %struct.completion* %5 to i8* %7 = getelementptr inbounds %struct.completion, %struct.completion* %5, i64 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.completion, %struct.completion* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.completion, %struct.completion* %5, i64 0, i32 1, i32 1 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.completion, %struct.completion* %5, i64 0, i32 1, i32 1, i32 1 store %struct.list_head* %9, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.request.251405, %struct.request.251405* %2, i64 0, i32 31 %13 = bitcast i8** %12 to %struct.completion** store %struct.completion* %5, %struct.completion** %13, align 8 call void @blk_execute_rq_nowait(%struct.request_queue.251458* %0, %struct.gendisk.251466* %1, %struct.request.251405* %2, i32 %3, void (%struct.request.251405*, i8)* nonnull @blk_end_sync_rq) #69 Function:blk_execute_rq_nowait %6 = alloca i64, align 8 %7 = icmp ne i32 %3, 0 %8 = select i1 %7, i32 1, i32 2 %9 = bitcast i64* %6 to i8* call 
void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %15, !prof !5, !misexpect !6 %16 = getelementptr inbounds %struct.request.251405, %struct.request.251405* %2, i64 0, i32 3 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 252 %19 = icmp eq i32 %18, 32 br i1 %19, label %22, label %20, !prof !9, !misexpect !6 %23 = getelementptr inbounds %struct.request.251405, %struct.request.251405* %2, i64 0, i32 15 store %struct.gendisk.251466* %1, %struct.gendisk.251466** %23, align 8 %24 = getelementptr inbounds %struct.request.251405, %struct.request.251405* %2, i64 0, i32 30 store void (%struct.request.251405*, i8)* %4, void (%struct.request.251405*, i8)** %24, align 8 %25 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %0, i64 0, i32 20 %26 = load %struct.blk_mq_ops.251438*, %struct.blk_mq_ops.251438** %25, align 8 %27 = icmp eq %struct.blk_mq_ops.251438* %26, null br i1 %27, label %29, label %28 call void bitcast (void (%struct.request.255894*, i1, i1, i1)* @blk_mq_sched_insert_request to void (%struct.request.251405*, i1, i1, i1)*)(%struct.request.251405* %2, i1 zeroext %7, i1 zeroext true, i1 zeroext false) #70 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.255894, %struct.request.255894* %0, i64 0, i32 0 %7 = load %struct.request_queue.255945*, %struct.request_queue.255945** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.255945, %struct.request_queue.255945* %7, i64 0, i32 2 %9 = load %struct.elevator_queue.255919*, %struct.elevator_queue.255919** %8, align 8 %10 = getelementptr inbounds %struct.request.255894, %struct.request.255894* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.255880*, %struct.blk_mq_ctx.255880** %10, align 8 %12 = getelementptr 
inbounds %struct.blk_mq_ctx.255880, %struct.blk_mq_ctx.255880* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 64 %14 = getelementptr inbounds %struct.request_queue.255945, %struct.request_queue.255945* %7, i64 0, i32 25 %15 = load %struct.blk_mq_hw_ctx.255908**, %struct.blk_mq_hw_ctx.255908*** %14, align 8 %16 = getelementptr inbounds %struct.request_queue.255945, %struct.request_queue.255945* %7, i64 0, i32 21 %17 = load i32*, i32** %16, align 8 %18 = sext i32 %13 to i64 %19 = getelementptr i32, i32* %17, i64 %18 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.blk_mq_hw_ctx.255908*, %struct.blk_mq_hw_ctx.255908** %15, i64 %21 %23 = load %struct.blk_mq_hw_ctx.255908*, %struct.blk_mq_hw_ctx.255908** %22, align 8 %24 = getelementptr inbounds %struct.request.255894, %struct.request.255894* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 16 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %36 %29 = getelementptr inbounds %struct.request.255894, %struct.request.255894* %0, i64 0, i32 3 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 393216 %32 = icmp eq i32 %31, 0 br i1 %32, label %34, label %33 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.255894*)*)(%struct.request.255894* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = 
getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, 
%struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 
Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, 
%struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, 
align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* 
%1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 do_sched_yield 5 __x64_sys_sched_yield ------------- Path:  Function:__x64_sys_sched_yield tail call fastcc void @do_sched_yield() #69 Function:do_sched_yield tail call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.rq* nonnull @runqueues) #6, !srcloc !5 %2 = inttoptr i64 %1 to %struct.rq* %3 = getelementptr inbounds %struct.rq, %struct.rq* %2, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %3) #69 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @sched_schedstats to %struct.static_key*), i1 false, i8* blockaddress(@do_sched_yield, %4)) #6 to label %8 [label %4], !srcloc !6 %9 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !7 %10 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %9, i64 0, i32 19 %11 = load %struct.sched_class*, %struct.sched_class** 
%10, align 8 %12 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %11, i64 0, i32 3 %13 = load void (%struct.rq*)*, void (%struct.rq*)** %12, align 8 tail call void %13(%struct.rq* %2) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %14 = inttoptr i64 %1 to i8* store volatile i8 0, i8* %14, align 1 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %15 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %9, i64 0, i32 1 %16 = load volatile i64, i64* %15, align 16 %17 = icmp eq i64 %16, 0 br i1 %17, label %45, label %18 %19 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %9, i64 0, i32 107 %20 = load %struct.rt_mutex_waiter*, %struct.rt_mutex_waiter** %19, align 8 %21 = icmp eq %struct.rt_mutex_waiter* %20, null br i1 %21, label %22, label %45 %23 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %9, i64 0, i32 110 %24 = load %struct.blk_plug*, %struct.blk_plug** %23, align 16 %25 = icmp eq %struct.blk_plug* %24, null br i1 %25, label %45, label %26 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %24, i64 0, i32 0 %28 = bitcast %struct.blk_plug* %24 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %27, %30 br i1 %31, label %32, label %44 %33 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %24, i64 0, i32 1 %34 = bitcast %struct.list_head* %33 to i64* %35 = load volatile i64, i64* %34, align 8 %36 = inttoptr i64 %35 to %struct.list_head* %37 = icmp eq %struct.list_head* %33, %36 br i1 %37, label 
%38, label %44 %39 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %24, i64 0, i32 2 %40 = bitcast %struct.list_head* %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = inttoptr i64 %41 to %struct.list_head* %43 = icmp eq %struct.list_head* %39, %42 br i1 %43, label %45, label %44 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %24, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, 
%struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 
= icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 
to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, 
i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr 
inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 
%72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 
= load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, 
%struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 
%123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* 
@blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 _nfs4_do_setattr 9 nfs4_do_setattr 10 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %5 = load %struct.inode.733*, %struct.inode.733** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #69 %6 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %2, i64 0, i32 8 %21 = load %struct.file.725*, %struct.file.725** %20, align 8 %22 = getelementptr inbounds %struct.file.725, %struct.file.725* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.197135** %24 = load %struct.nfs_open_context.197135*, %struct.nfs_open_context.197135** %23, align 8 %25 = icmp eq %struct.nfs_open_context.197135* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %24, i64 0, i32 3 %28 = load %struct.rpc_cred*, %struct.rpc_cred** %27, align 8 br label %29 %30 = phi %struct.rpc_cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.197135* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 
@nfs4_do_setattr(%struct.inode.733* %5, %struct.rpc_cred* %30, %struct.nfs_fattr* %1, %struct.iattr.726* %2, %struct.nfs_open_context.197135* %31, %struct.nfs4_label* null) #70 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %12 = load %struct.super_block.720*, %struct.super_block.720** %11, align 8 %13 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.nfs_server.197100** %15 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %14, align 64 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.197135* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.197134* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr.726* %3, %struct.iattr.726** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.197100* %15, %struct.nfs_server.197100** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.197134* %22, %struct.nfs4_state.197134** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode.733* %0, %struct.inode.733** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 33, i64 0 %45 = bitcast i32* %44 to i8* %46 = icmp eq %struct.inode.733* %0, null %47 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16 %48 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %47, i64 9, i32 1 %49 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %3, i64 0, i32 0 %50 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %15, i64 0, i32 0 %51 = icmp eq 
%struct.nfs4_state.197134* %22, null %52 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %22, i64 0, i32 13 br label %53 br i1 %46, label %73, label %54 %74 = call fastcc i32 @_nfs4_do_setattr(%struct.inode.733* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.rpc_cred* %1, %struct.nfs_open_context.197135* %4) #70 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.rpc_cred*, align 8 %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %12 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.nfs_server.197100** %14 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %13, align 64 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* %3, %struct.rpc_cred** %21, align 8 %22 = bitcast %struct.rpc_cred** %9 to i8* store 
%struct.rpc_cred* null, %struct.rpc_cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr.726*, %struct.iattr.726** %26, align 8 %28 = getelementptr inbounds %struct.iattr.726, %struct.iattr.726* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 bitcast (i1 (%struct.inode.733*, i32, %struct.nfs4_stateid_struct*, %struct.rpc_cred.201653**)* @nfs4_copy_delegation_stateid to i1 (%struct.inode.733*, i32, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.inode.733* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.rpc_cred** nonnull %9) #69 br i1 %36, label %63, label %37 %38 = icmp eq %struct.nfs_open_context.197135* %4, null br i1 %38, label %58, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %4, i64 0, i32 4 %41 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %40, align 8 %42 = icmp eq %struct.nfs4_state.197134* %41, null br i1 %42, label %58, label %43 %44 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %152 %49 = call %struct.nfs_lock_context.197128* bitcast (%struct.nfs_lock_context.180729* (%struct.nfs_open_context.180736*)* @nfs_get_lock_context to %struct.nfs_lock_context.197128* (%struct.nfs_open_context.197135*)*)(%struct.nfs_open_context.197135* nonnull %4) #69 %50 = 
icmp ugt %struct.nfs_lock_context.197128* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.197128*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.198680*, i32, %struct.nfs_lock_context.198674*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.197134*, i32, %struct.nfs_lock_context.197128*, %struct.nfs4_stateid_struct*, %struct.rpc_cred**)*)(%struct.nfs4_state.197134* %55, i32 2, %struct.nfs_lock_context.197128* %49, %struct.nfs4_stateid_struct* %35, %struct.rpc_cred** nonnull %9) #69 call void bitcast (void (%struct.nfs_lock_context.180729*)* @nfs_put_lock_context to void (%struct.nfs_lock_context.197128*)*)(%struct.nfs_lock_context.197128* %49) #69 %57 = icmp eq i32 %56, -5 br i1 %57, label %152, label %63 %64 = load %struct.rpc_cred*, %struct.rpc_cred** %9, align 8 %65 = icmp eq %struct.rpc_cred* %64, null br i1 %65, label %67, label %66 %68 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %14, i64 0, i32 3 %69 = bitcast %struct.rpc_clnt** %68 to i64* %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %73, align 8 %74 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %75 = load i8, i8* %74, align 8 %76 = and i8 %75, -4 %77 = or i8 %76, 1 store i8 %77, i8* %74, align 8 %78 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %78, align 8 %79 = getelementptr inbounds 
%struct.nfs_server.197100, %struct.nfs_server.197100* %14, i64 0, i32 0 %80 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %79, align 8 %81 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %82 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.197100* %14, %struct.nfs_server.197100** %82, align 8 %83 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %71, %struct.nfs4_sequence_args.197117** %83, align 8 %84 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 store %struct.nfs4_sequence_res.197119* %72, %struct.nfs4_sequence_res.197119** %84, align 8 %85 = bitcast %struct.rpc_task_setup* %7 to i8* %86 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %86, align 8 %87 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %88 = bitcast %struct.rpc_clnt** %87 to i64* store i64 %70, i64* %88, align 8 %89 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %89, align 8 %90 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %90, align 8 %91 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %92 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %80, i64 0, i32 29 %93 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %92, align 8 %94 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %93, i64 0, i32 10 %95 = bitcast %struct.rpc_call_ops** %94 to i64* %96 = load i64, i64* %95, align 8 %97 = bitcast 
%struct.rpc_call_ops** %91 to i64* store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %99 = bitcast i8** %98 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %99, align 8 %100 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %100, align 8 %101 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 store i16 0, i16* %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 store i8 0, i8* %102, align 2 %103 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, 
%struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 
Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to 
i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, 
void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = 
load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ 
i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label 
%24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, 
%struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast 
%struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr 
inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_server_capabilities 9 nfs4_proc_get_root ------------- Path:  Function:nfs4_proc_get_root %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 %6 = tail call i32 @nfs4_server_capabilities(%struct.nfs_server.197100* %0, %struct.nfs_fh* %1) #69 Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast [3 x i32]* %5 to i8* %12 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %13 = bitcast i32* %12 to i64* %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %15 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %18 = getelementptr inbounds 
%struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %20 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_server_caps_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %29 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %30 = bitcast %struct.rpc_clnt** %29 to i64* %31 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %4 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %42 = bitcast 
%struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %53 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %54 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %55 = bitcast i32* %54 to i8* %56 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %57 = getelementptr [3 x i32], [3 x i32]* %56, i64 0, i64 0 %58 = bitcast [3 x i32]* %56 to i8* %59 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 9 %60 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %61 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %63 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34 %64 = bitcast [3 x i32]* %63 to i8* %65 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, 
i32 34, i64 2 %66 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 0 %67 = bitcast [3 x i32]* %56 to i64* %68 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 1 %69 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 2 %70 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %71 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %73 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 35, i64 0 %74 = bitcast i32* %73 to i8* %75 = bitcast i32* %70 to i8* %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 37 %77 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %78 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 38 %79 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %80 store i64 0, i64* %13, align 4 %81 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %14, align 8 %82 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 15 %83 = load i32, i32* %82, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 30), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_server_caps_res* %7, 
%struct.nfs4_server_caps_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 store i32 8293, i32* %19, align 4 %84 = icmp eq i32 %83, 0 br i1 %84, label %86, label %85 store i32 2048, i32* %28, align 4 br label %86 %87 = load i64, i64* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %87, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %88 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 29 %89 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %89, i64 0, i32 10 %91 = bitcast %struct.rpc_call_ops** %90 to i64* %92 = load i64, i64* %91, align 8 store i64 %92, i64* %46, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %93 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq 
%struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label 
%37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, 
i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq 
%struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 
%119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label 
%75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to 
i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = 
load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 
%24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = 
bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_server_capabilities ------------- Path:  Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast 
%struct.nfs4_exception* %9 to i8* %11 = bitcast [3 x i32]* %5 to i8* %12 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %13 = bitcast i32* %12 to i64* %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %15 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %20 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_server_caps_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %29 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %30 = bitcast %struct.rpc_clnt** %29 to i64* %31 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %36 = 
getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %4 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %53 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %54 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %55 = bitcast i32* %54 to i8* %56 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %57 = getelementptr [3 x i32], [3 x i32]* %56, i64 0, i64 0 %58 = bitcast [3 x i32]* %56 to i8* %59 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* 
%0, i64 0, i32 9 %60 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %61 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %63 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34 %64 = bitcast [3 x i32]* %63 to i8* %65 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 34, i64 2 %66 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 0 %67 = bitcast [3 x i32]* %56 to i64* %68 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 1 %69 = getelementptr %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 36, i64 2 %70 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %71 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %73 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 35, i64 0 %74 = bitcast i32* %73 to i8* %75 = bitcast i32* %70 to i8* %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 37 %77 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %78 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 38 %79 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %80 store i64 0, i64* %13, align 4 %81 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %14, align 8 %82 = getelementptr inbounds 
%struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 15 %83 = load i32, i32* %82, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 30), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 store i32 8293, i32* %19, align 4 %84 = icmp eq i32 %83, 0 br i1 %84, label %86, label %85 store i32 2048, i32* %28, align 4 br label %86 %87 = load i64, i64* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %87, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %88 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %81, i64 0, i32 29 %89 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %89, i64 0, i32 10 %91 = bitcast %struct.rpc_call_ops** %90 to i64* %92 = load i64, i64* %91, align 8 store i64 %92, i64* %46, align 8 store 
%struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %93 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to 
i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 
0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to 
%struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, 
label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** 
%30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr 
%struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* 
%52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, 
i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, 
%struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %14 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %15 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %17 = bitcast %struct.rpc_message* %8 to i8* %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %20 = bitcast i8** %19 to %struct.nfs4_server_caps_arg** %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %22 = bitcast i8** %21 to %struct.nfs4_pathconf_res** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %25 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* 
%28 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = bitcast %struct.nfs_pathconf* %2 to i8* %51 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %52 store %struct.nfs_fh* %1, %struct.nfs_fh** %12, align 8 store i32* %14, i32** %13, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %16, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 26), %struct.rpc_procinfo** %18, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %20, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %22, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %23, align 8 %53 = load i32, i32* %14, align 4 %54 = and i32 %53, 805306368 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 %58 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %58) #69 %59 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %60 = load i8, i8* %30, align 8 %61 = and i8 %60, -4 store i8 %61, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %24, %struct.nfs4_sequence_args.197117** %35, align 8 store %struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %59, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %63 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, 
%struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* 
%3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task 
to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq 
%struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = 
ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* 
blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load 
%struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, 
i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load 
%struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, 
i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 
%118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, 
label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_do_fsinfo 9 nfs4_proc_fsinfo ------------- Path:  Function:nfs4_proc_fsinfo %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #69 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.197100* %0, %struct.nfs_fh* %1, %struct.nfs_fsinfo* %2) #70 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = load volatile i64, i64* @jiffies, align 64 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 1 %19 = bitcast i64* %18 to i8* %20 = getelementptr 
inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %44 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 %55 = load i64, i64* %29, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %33, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %13, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* 
%30, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %55, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 %65 = ptrtoint %struct.rpc_task* %62 to i64 %66 = trunc i64 %65 to i32 br label %70 %71 = phi i32 [ %66, %64 ], [ %69, %67 ] %72 = load %struct.nfs_fattr*, %struct.nfs_fattr** %52, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_fsinfo to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_do_fsinfo, %73)) #6 to label %95 [label %73], !srcloc !4 %96 = icmp eq i32 %71, 0 br i1 %96, label %97, label %103 %104 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %71, %struct.nfs4_exception* nonnull %9) #70 %105 = load i8, i8* %53, align 8 
%106 = and i8 %105, 8 %107 = icmp eq i8 %106, 0 br i1 %107, label %108, label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %27, align 8 %55 = load i64, i64* %29, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %33, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %34, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %13, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %30, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %55, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, 
%struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast 
%struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, 
i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 
store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast 
%struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to 
%struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, 
label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** 
%30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr 
%struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* 
%52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, 
i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, 
%struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_statfs ------------- Path:  Function:nfs4_proc_statfs %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_statfs_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %12 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_statfs_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_statfs_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs_fsstat, %struct.nfs_fsstat* %2, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %27 = bitcast %struct.rpc_clnt** %26 to i64* %28 = getelementptr 
inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0 %29 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %31 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %33 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %34 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %37 = bitcast %struct.rpc_task_setup* %5 to i8* %38 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %40 = bitcast %struct.rpc_clnt** %39 to i64* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_call_ops** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast i8** %45 to %struct.nfs4_call_sync_data** %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 
0, i32 4 br label %51 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 27), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %23, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %24, align 8 %52 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %52) #69 %53 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %54 = load i8, i8* %30, align 8 %55 = and i8 %54, -4 store i8 %55, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %35, align 8 store %struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %53, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = 
load i64, i64* %60, align 8 store i64 %61, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 %65 = ptrtoint %struct.rpc_task* %62 to i64 %66 = trunc i64 %65 to i32 br label %70 %71 = phi i32 [ %66, %64 ], [ %69, %67 ] %72 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %0, i32 %71, %struct.nfs4_exception* nonnull %9) #70 %73 = load i8, i8* %50, align 8 %74 = and i8 %73, 8 %75 = icmp eq i8 %74, 0 br i1 %75, label %76, label %51 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 27), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %23, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %24, align 8 %52 = load %struct.nfs_fattr*, %struct.nfs_fattr** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %52) #69 %53 = load i64, i64* %27, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %29, align 8 %54 = load i8, i8* %30, align 8 %55 = and i8 %54, -4 store i8 %55, i8* %30, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %31, align 8 %56 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %32, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %34, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %35, align 8 store 
%struct.nfs4_sequence_res.197119* %28, %struct.nfs4_sequence_res.197119** %36, align 8 store %struct.rpc_task* null, %struct.rpc_task** %38, align 8 store i64 %53, i64* %40, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %42, align 8 %57 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %56, i64 0, i32 29 %58 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %57, align 8 %59 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %58, i64 0, i32 10 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %44, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %46, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %47, align 8 store i16 0, i16* %48, align 8 store i8 0, i8* %49, align 2 %62 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds 
%struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store 
i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to 
%struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** 
%41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 
-64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = 
load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 
2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, 
null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load 
%struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, 
%struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, 
i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_readdir ------------- Path:  Function:nfs4_proc_readdir %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_readdir_arg, align 8 %10 = alloca %struct.nfs4_readdir_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = zext i1 %5 to i8 %15 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 5 %16 = bitcast %struct.nfs4_readdir_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 1 %19 = bitcast %struct.nfs_fh** %18 to i64** %20 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 4 %22 = bitcast i64* %20 to i8* 
%23 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 5 %24 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 6 %25 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 7 %26 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 8 %27 = bitcast %struct.nfs4_readdir_res* %10 to i8* %28 = bitcast %struct.rpc_message* %11 to i8* %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %31 = bitcast i8** %30 to %struct.nfs4_readdir_arg** %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %33 = bitcast i8** %32 to %struct.nfs4_readdir_res** %34 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %35 = icmp ugt i64 %2, 2 %36 = bitcast %struct.page.694** %3 to i64* %37 = icmp eq i64 %2, 2 %38 = icmp eq i64 %2, 0 %39 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %0, i64 0, i32 3 %40 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 3, i32 0, i64 0 %42 = bitcast i8* %41 to i64* %43 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0 %45 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 0 %46 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0, i32 0 %47 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %49 = getelementptr inbounds 
%struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %51 = bitcast %struct.rpc_task_setup* %8 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 0 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %54 = bitcast %struct.rpc_clnt** %53 to i64* %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 3 %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 6 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %64 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 1, i32 0, i64 0 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %67 %68 = load %struct.inode.733*, %struct.inode.733** %15, align 8 %69 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %68, i64 0, i32 8 %70 = load %struct.super_block.720*, %struct.super_block.720** %69, align 8 %71 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %70, i64 0, i32 30 %72 = bitcast i8** %71 to %struct.nfs_server.197100** %73 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %72, align 64 %74 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 
-1, i32 16, i32 1 store i64* %74, i64** %19, align 8 store i32 %4, i32* %21, align 8 store %struct.page.694** %3, %struct.page.694*** %23, align 8 store i32 0, i32* %24, align 8 store i8 %14, i8* %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 29), %struct.rpc_procinfo** %29, align 8 store %struct.nfs4_readdir_arg* %9, %struct.nfs4_readdir_arg** %31, align 8 store %struct.nfs4_readdir_res* %10, %struct.nfs4_readdir_res** %33, align 8 store %struct.rpc_cred* %1, %struct.rpc_cred** %34, align 8 %75 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 9 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 262144 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 34, i64 0 %80 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 33, i64 0 %81 = select i1 %78, i32* %79, i32* %80 store i32* %81, i32** %25, align 8 %82 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 -1, i32 16 %83 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %82, i64 15 br i1 %35, label %84, label %87 br i1 %37, label %155, label %88 %89 = load i64, i64* %36, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %90 = call %struct.task_struct.684* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.684** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.684**)) #10, !srcloc !5 %91 = getelementptr inbounds %struct.task_struct.684, %struct.task_struct.684* %90, i64 0, i32 155 %92 = load i32, i32* %91, align 16 %93 = add i32 %92, 1 store i32 %93, i32* %91, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 
%94 = load i64, i64* @vmemmap_base, align 8 %95 = sub i64 %89, %94 %96 = shl i64 %95, 6 %97 = load i64, i64* @page_offset_base, align 8 %98 = add i64 %96, %97 %99 = inttoptr i64 %98 to i8* %100 = inttoptr i64 %98 to i32* br i1 %38, label %101, label %126 %102 = getelementptr i8, i8* %99, i64 4 %103 = bitcast i8* %102 to i32* store i32 16777216, i32* %100, align 4 %104 = getelementptr i8, i8* %99, i64 8 %105 = bitcast i8* %104 to i32* store i32 0, i32* %103, align 4 %106 = getelementptr i8, i8* %99, i64 12 %107 = bitcast i8* %106 to i32* store i32 16777216, i32* %105, align 4 %108 = getelementptr i8, i8* %99, i64 16 store i32 16777216, i32* %107, align 4 %109 = bitcast i8* %108 to i32* store i32 46, i32* %109, align 4 %110 = getelementptr i8, i8* %99, i64 20 %111 = bitcast i8* %110 to i32* %112 = getelementptr i8, i8* %99, i64 24 %113 = bitcast i8* %112 to i32* store i32 16777216, i32* %111, align 4 %114 = getelementptr i8, i8* %99, i64 28 %115 = bitcast i8* %114 to i32* store i32 33558528, i32* %113, align 4 %116 = getelementptr i8, i8* %99, i64 32 %117 = bitcast i8* %116 to i32* store i32 201326592, i32* %115, align 4 %118 = getelementptr i8, i8* %99, i64 36 store i32 33554432, i32* %117, align 4 %119 = load %struct.inode.733*, %struct.inode.733** %15, align 8 %120 = getelementptr %struct.inode.733, %struct.inode.733* %119, i64 -1, i32 16, i32 0 %121 = load i64, i64* %120, align 8 %122 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %121) #10, !srcloc !7 %123 = bitcast i8* %118 to i64* store i64 %122, i64* %123, align 8 %124 = getelementptr i8, i8* %99, i64 44 %125 = bitcast i8* %124 to i32* br label %126 %127 = phi i32* [ %125, %101 ], [ %100, %88 ] %128 = getelementptr i32, i32* %127, i64 1 store i32 16777216, i32* %127, align 4 %129 = getelementptr i32, i32* %127, i64 2 store i32 0, i32* %128, align 4 %130 = getelementptr i32, i32* %127, i64 3 store i32 33554432, i32* %129, align 4 %131 = getelementptr i32, i32* %127, i64 4 store i32 
33554432, i32* %130, align 4 store i32 11822, i32* %131, align 4 %132 = getelementptr i32, i32* %127, i64 5 %133 = getelementptr i32, i32* %127, i64 6 store i32 16777216, i32* %132, align 4 %134 = getelementptr i32, i32* %127, i64 7 store i32 33558528, i32* %133, align 4 %135 = getelementptr i32, i32* %127, i64 8 store i32 201326592, i32* %134, align 4 %136 = getelementptr i32, i32* %127, i64 9 store i32 33554432, i32* %135, align 4 %137 = load %struct.dentry.734*, %struct.dentry.734** %39, align 8 %138 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %137, i64 0, i32 5 %139 = load %struct.inode.733*, %struct.inode.733** %138, align 8 %140 = getelementptr %struct.inode.733, %struct.inode.733* %139, i64 -1, i32 16, i32 0 %141 = load i64, i64* %140, align 8 %142 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %141) #10, !srcloc !7 %143 = bitcast i32* %136 to i64* store i64 %142, i64* %143, align 8 %144 = getelementptr i32, i32* %127, i64 11 %145 = ptrtoint i32* %144 to i64 %146 = sub i64 %145, %98 %147 = trunc i64 %146 to i32 store i32 %147, i32* %24, align 8 %148 = load i32, i32* %21, align 8 %149 = sub i32 %148, %147 store i32 %149, i32* %21, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %150 = load i32, i32* %91, align 16 %151 = add i32 %150, -1 store i32 %151, i32* %91, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %152 = load i32, i32* %24, align 8 %153 = load i8, i8* %40, align 8 %154 = and i8 %153, -4 br label %155 %156 = phi i8 [ 0, %84 ], [ 0, %87 ], [ %154, %126 ] %157 = phi i32 [ 0, %84 ], [ 0, %87 ], [ %152, %126 ] store i32 %157, i32* %43, align 8 %158 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 3 %159 = bitcast %struct.rpc_clnt** %158 to i64* %160 = load i64, i64* %159, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %45, align 8 store i8 %156, i8* 
%40, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %46, align 8 %161 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %73, i64 0, i32 0 %162 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %161, align 8 store %struct.nfs_server.197100* %73, %struct.nfs_server.197100** %48, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %49, align 8 store %struct.nfs4_sequence_res.197119* %44, %struct.nfs4_sequence_res.197119** %50, align 8 store %struct.rpc_task* null, %struct.rpc_task** %52, align 8 store i64 %160, i64* %54, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %55, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %56, align 8 %163 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %162, i64 0, i32 29 %164 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %163, align 8 %165 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %164, i64 0, i32 10 %166 = bitcast %struct.rpc_call_ops** %165 to i64* %167 = load i64, i64* %166, align 8 store i64 %167, i64* %58, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %60, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %61, align 8 store i16 0, i16* %62, align 8 store i8 0, i8* %63, align 2 %168 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* 
@mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, 
%struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, 
%struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 
%128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 
%206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load 
%struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds 
%struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 
%27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, 
%struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr 
i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 _nfs4_proc_remove 9 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 5 %6 = load %struct.inode.733*, %struct.inode.733** %5, align 8 %7 = icmp eq %struct.inode.733* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.dentry.734, %struct.dentry.734* %1, i64 0, i32 4 %18 = getelementptr inbounds 
%struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %19 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %20 %21 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %17, i32 1) #70 %45 = load %struct.super_block.720*, %struct.super_block.720** %18, align 8 %46 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %45, i64 0, i32 30 %47 = bitcast i8** %46 to %struct.nfs_server.197100** %48 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %47, align 64 %49 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %48, i32 %21, %struct.nfs4_exception* nonnull %3) #70 %50 = load i8, i8* %19, align 8 %51 = and i8 %50, 8 %52 = icmp eq i8 %51, 0 br i1 %52, label %53, label %20 %21 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %17, i32 1) #70 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.197118, align 8 %7 = alloca %struct.nfs_removeres.197120, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %10 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %11 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.197100** %13 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %12, align 64 %14 = bitcast %struct.nfs_removeargs.197118* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr 
inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 2 %20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.197120* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 1 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.197118** store %struct.nfs_removeargs.197118* %6, %struct.nfs_removeargs.197118** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.197120** store %struct.nfs_removeres.197120* %7, %struct.nfs_removeres.197120** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* null, %struct.rpc_cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 0 
store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 0 %42 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 %43 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.197119* %37, %struct.nfs4_sequence_res.197119** %46, align 8 %47 = bitcast %struct.rpc_task_setup* %5 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* store i64 %36, i64* %50, align 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, 
i64 0, i32 4 %54 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %42, i64 0, i32 29 %55 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %54, align 8 %56 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %55, i64 0, i32 10 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = load i64, i64* %57, align 8 %59 = bitcast %struct.rpc_call_ops** %53 to i64* store i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %61 = bitcast i8** %60 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %62, align 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 0, i16* %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %64, align 2 %65 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 
= getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 
(%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast 
%struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] 
%83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, 
%struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load 
%struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, 
%struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void 
(%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds 
%struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, 
i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 
%145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 _nfs4_proc_remove 9 nfs4_proc_rmdir ------------- Path:  Function:nfs4_proc_rmdir %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %7 %8 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %1, i32 2) #69 %32 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %33 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %32, i64 0, i32 30 %34 = bitcast i8** %33 to %struct.nfs_server.197100** %35 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %34, align 64 %36 = call i32 
@nfs4_handle_exception(%struct.nfs_server.197100* %35, i32 %8, %struct.nfs4_exception* nonnull %3) #69 %37 = load i8, i8* %6, align 8 %38 = and i8 %37, 8 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %7 %8 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.733* %0, %struct.qstr* %1, i32 2) #69 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.197118, align 8 %7 = alloca %struct.nfs_removeres.197120, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %10 = load %struct.super_block.720*, %struct.super_block.720** %9, align 8 %11 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %10, i64 0, i32 30 %12 = bitcast i8** %11 to %struct.nfs_server.197100** %13 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %12, align 64 %14 = bitcast %struct.nfs_removeargs.197118* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 2 %20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.197120* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 1 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* 
%27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.197118** store %struct.nfs_removeargs.197118* %6, %struct.nfs_removeargs.197118** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.197120** store %struct.nfs_removeres.197120* %7, %struct.nfs_removeres.197120** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.rpc_cred* null, %struct.rpc_cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.197118, %struct.nfs_removeargs.197118* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.197120, %struct.nfs_removeres.197120* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %13, i64 0, i32 0 %42 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 
%43 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.197100* %13, %struct.nfs_server.197100** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.197119* %37, %struct.nfs4_sequence_res.197119** %46, align 8 %47 = bitcast %struct.rpc_task_setup* %5 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* store i64 %36, i64* %50, align 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %8, %struct.rpc_message** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %54 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %42, i64 0, i32 29 %55 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %54, align 8 %56 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %55, i64 0, i32 10 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = load i64, i64* %57, align 8 %59 = bitcast %struct.rpc_call_ops** %53 to i64* store i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 
0, i32 5 %61 = bitcast i8** %60 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 store %struct.workqueue_struct* null, %struct.workqueue_struct** %62, align 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 0, i16* %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %64, align 2 %65 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** 
nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label 
%32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr 
i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* 
%90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), 
i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 
20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast 
%struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, 
%69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 
%154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_readlink ------------- Path:  Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.page.694*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca %struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = bitcast %struct.page.694** %7 to i8* %14 = bitcast %struct.nfs4_readlink* %8 to i8* %15 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %17 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %22 = bitcast %struct.nfs4_readlink_res* %9 to i8* %23 = bitcast %struct.rpc_message* %10 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_readlink** %27 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %30 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %31 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %6 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %6, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %53 store %struct.page.694* %1, %struct.page.694** %7, align 8 store i64* %17, i64** %18, align 8 store i32 %2, i32* %19, align 8 store i32 %3, i32* %20, align 4 store %struct.page.694** %7, %struct.page.694*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 28), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %26, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 %54 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %61, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %15, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* 
%31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %44, align 8 %63 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 %71 = ptrtoint %struct.rpc_task* %68 to i64 %72 = trunc i64 %71 to i32 br label %76 %77 = phi i32 [ %72, %70 ], [ %75, %73 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_readlink, %78)) #6 to label %100 [label %78], !srcloc !4 %101 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %102 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %101, i64 0, i32 30 %103 = bitcast i8** %102 to %struct.nfs_server.197100** %104 = load 
%struct.nfs_server.197100*, %struct.nfs_server.197100** %103, align 64 %105 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %104, i32 %77, %struct.nfs4_exception* nonnull %11) #70 %106 = load i8, i8* %52, align 8 %107 = and i8 %106, 8 %108 = icmp eq i8 %107, 0 br i1 %108, label %109, label %53 store %struct.page.694* %1, %struct.page.694** %7, align 8 store i64* %17, i64** %18, align 8 store i32 %2, i32* %19, align 8 store i32 %3, i32* %20, align 4 store %struct.page.694** %7, %struct.page.694*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 28), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %26, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %28, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %29, align 8 %54 = load %struct.super_block.720*, %struct.super_block.720** %30, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 store i8 0, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %62 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %61, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %15, 
%struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %31, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %44, align 8 %63 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %62, i64 0, i32 29 %64 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** 
%12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* 
%24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, 
align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to 
%struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to 
i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void 
asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* 
%3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, 
align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq 
%struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 
0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store 
%struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, 
%struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %11 = bitcast %struct.nfs4_accessargs* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %14 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %15 = bitcast %struct.nfs_fh** %13 to i64** %16 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %17 = getelementptr inbounds 
%struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %18 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %19 = bitcast %struct.nfs4_accessres* %6 to i8* %20 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_accessargs** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_accessres** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %29 = bitcast %struct.rpc_cred** %28 to i64* %30 = bitcast %struct.rpc_cred** %27 to i64* %31 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 
%42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 3 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %54 = bitcast %struct.nfs_fattr** %31 to i8** %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %56 %57 = load %struct.super_block.720*, %struct.super_block.720** %10, align 8 %58 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %57, i64 0, i32 30 %59 = bitcast i8** %58 to %struct.nfs_server.197100** %60 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %59, align 64 store i64* %14, i64** %15, align 8 store i32* null, i32** %16, align 8 %61 = load i32, i32* %18, align 8 store i32 %61, i32* %17, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 17), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %24, 
align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %26, align 8 %62 = load i64, i64* %29, align 8 store i64 %62, i64* %30, align 8 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* %0, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %66, %struct.nfs_fattr** %31, align 8 %67 = icmp eq %struct.nfs_fattr* %66, null br i1 %67, label %102, label %68 %69 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 36, i64 0 store i32* %69, i32** %16, align 8 br label %70 %71 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 3 %72 = bitcast %struct.rpc_clnt** %71 to i64* %73 = load i64, i64* %72, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %33, align 8 %74 = load i8, i8* %34, align 8 %75 = and i8 %74, -4 store i8 %75, i8* %34, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %35, align 8 %76 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %60, i64 0, i32 0 %77 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %76, align 8 store %struct.nfs_server.197100* %60, %struct.nfs_server.197100** %37, align 8 store %struct.nfs4_sequence_args.197117* %12, %struct.nfs4_sequence_args.197117** %38, align 8 store %struct.nfs4_sequence_res.197119* %32, %struct.nfs4_sequence_res.197119** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %73, i64* %43, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %44, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %45, align 8 %78 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %77, i64 0, i32 29 %79 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %78, align 8 %80 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, 
%struct.nfs4_minor_version_ops.197171* %79, i64 0, i32 10 %81 = bitcast %struct.rpc_call_ops** %80 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %47, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 0, i16* %51, align 8 store i8 0, i8* %52, align 2 %83 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, 
%struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 
1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 
%21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, 
align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, 
%struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, 
label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, 
label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, 
%struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 
4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, 
%struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void 
(%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_lookupp ------------- Path:  Function:nfs4_proc_lookupp %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_server_caps_arg, align 8 %8 = alloca %struct.nfs4_lookup_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %0, i64 0, i32 8 %13 = bitcast %struct.nfs4_server_caps_arg* %7 to i8* %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 1 %16 = getelementptr %struct.inode.733, %struct.inode.733* %0, i64 -1, i32 16, i32 1 %17 = bitcast %struct.nfs_fh** %15 to i64** %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 2 %19 = bitcast %struct.nfs4_lookup_res* %8 to i8* %20 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0 %21 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 1 %22 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 2 %23 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 4 %25 = bitcast %struct.rpc_message* %9 to i8* %26 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_server_caps_arg** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_lookup_res** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 1 %34 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %6 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 3 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %53 %54 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store i64* %16, i64** %17, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 store i32* %61, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 %62 = load i8, i8* %33, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %64 = 
getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %14, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %20, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %44, align 8 %66 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 29 %67 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %71 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 %74 = ptrtoint %struct.rpc_task* %71 to i64 %75 = trunc i64 %74 to i32 br label %79 %80 = phi i32 [ %75, %73 ], [ %78, %76 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookupp to 
%struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_lookupp, %81)) #6 to label %103 [label %81], !srcloc !4 %104 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %105 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %104, i64 0, i32 30 %106 = bitcast i8** %105 to %struct.nfs_server.197100** %107 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %106, align 64 %108 = call i32 @nfs4_handle_exception(%struct.nfs_server.197100* %107, i32 %80, %struct.nfs4_exception* nonnull %10) #70 %109 = load i8, i8* %52, align 8 %110 = and i8 %109, 8 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %53 %54 = load %struct.super_block.720*, %struct.super_block.720** %12, align 8 %55 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %54, i64 0, i32 30 %56 = bitcast i8** %55 to %struct.nfs_server.197100** %57 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %56, align 64 %58 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 3 %59 = bitcast %struct.rpc_clnt** %58 to i64* %60 = load i64, i64* %59, align 8 store i64* %16, i64** %17, align 8 %61 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store 
%struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 store i32* %61, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %32, align 8 %62 = load i8, i8* %33, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %33, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %34, align 8 %64 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %57, i64 0, i32 0 %65 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %64, align 8 store %struct.nfs_server.197100* %57, %struct.nfs_server.197100** %36, align 8 store %struct.nfs4_sequence_args.197117* %14, %struct.nfs4_sequence_args.197117** %37, align 8 store %struct.nfs4_sequence_res.197119* %20, %struct.nfs4_sequence_res.197119** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %60, i64* %42, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %44, align 8 %66 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %65, i64 0, i32 29 %67 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %46, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %71 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, 
%36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* 
%59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds 
%struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, 
label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load 
i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store 
%struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 
3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, 
%struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq 
%struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_lookup_common 9 nfs4_proc_lookup ------------- Path:  Function:nfs4_proc_lookup %6 = alloca %struct.rpc_clnt*, align 8 %7 = bitcast %struct.rpc_clnt** %6 to i8* %8 = getelementptr inbounds %struct.inode.733, %struct.inode.733* 
%0, i64 0, i32 8 %9 = load %struct.super_block.720*, %struct.super_block.720** %8, align 8 %10 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %9, i64 0, i32 30 %11 = bitcast i8** %10 to %struct.nfs_server.197100** %12 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %11, align 64 %13 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 3 %14 = bitcast %struct.rpc_clnt** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = bitcast %struct.rpc_clnt** %6 to i64* store i64 %15, i64* %16, align 8 %17 = call fastcc i32 @nfs4_proc_lookup_common(%struct.rpc_clnt** nonnull %6, %struct.inode.733* %0, %struct.qstr* %1, %struct.nfs_fh* %2, %struct.nfs_fattr* %3, %struct.nfs4_label* %4) #69 Function:nfs4_proc_lookup_common %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_lookup_arg, align 8 %10 = alloca %struct.nfs4_lookup_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %15 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %1, i64 0, i32 8 %16 = bitcast %struct.nfs4_lookup_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 1 %19 = getelementptr %struct.inode.733, %struct.inode.733* %1, i64 -1, i32 16, i32 1 %20 = bitcast %struct.nfs_fh** %18 to i64** %21 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 3 %23 = bitcast %struct.nfs4_lookup_res* %10 to i8* %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0 %25 = getelementptr 
inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 1 %26 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 2 %27 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 4 %29 = bitcast %struct.rpc_message* %11 to i8* %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.nfs4_lookup_arg** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %34 = bitcast i8** %33 to %struct.nfs4_lookup_res** %35 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %36 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %8 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 3 %48 = getelementptr 
inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 6 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %56 %57 = phi %struct.rpc_clnt* [ %14, %6 ], [ %181, %179 ] %58 = load %struct.super_block.720*, %struct.super_block.720** %15, align 8 %59 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %58, i64 0, i32 30 %60 = bitcast i8** %59 to %struct.nfs_server.197100** %61 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %60, align 64 store i64* %19, i64** %20, align 8 store %struct.qstr* %2, %struct.qstr** %21, align 8 %62 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %25, align 8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %26, align 8 store %struct.nfs_fh* %3, %struct.nfs_fh** %27, align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %28, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 19), %struct.rpc_procinfo** %30, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %32, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %34, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %35, align 8 store i32* %62, i32** %22, align 8 call void 
@nfs_fattr_init(%struct.nfs_fattr* %4) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %36, align 8 %63 = load i8, i8* %37, align 8 %64 = and i8 %63, -4 store i8 %64, i8* %37, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 0 %66 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %65, align 8 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %40, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %41, align 8 store %struct.nfs4_sequence_res.197119* %24, %struct.nfs4_sequence_res.197119** %42, align 8 store %struct.rpc_task* null, %struct.rpc_task** %44, align 8 store %struct.rpc_clnt* %57, %struct.rpc_clnt** %45, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %46, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %47, align 8 %67 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %66, i64 0, i32 29 %68 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %68, i64 0, i32 10 %70 = bitcast %struct.rpc_call_ops** %69 to i64* %71 = load i64, i64* %70, align 8 store i64 %71, i64* %49, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 %75 = ptrtoint %struct.rpc_task* %72 to i64 %76 = trunc i64 %75 to i32 br label %80 %81 = phi i32 [ %76, %74 ], [ %79, %77 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, 
${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookup to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_lookup_common, %82)) #6 to label %104 [label %82], !srcloc !4 switch i32 %81, label %172 [ i32 -10041, label %190 i32 -10019, label %105 i32 -10016, label %160 ] %161 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %162 = icmp eq %struct.rpc_clnt* %57, %161 br i1 %162, label %163, label %190 %164 = call %struct.rpc_clnt* @nfs4_negotiate_security(%struct.rpc_clnt* %57, %struct.inode.733* %1, %struct.qstr* %2) #69 %165 = icmp ugt %struct.rpc_clnt* %164, inttoptr (i64 -4096 to %struct.rpc_clnt*) br i1 %165, label %166, label %169 %170 = load i8, i8* %55, align 8 %171 = or i8 %170, 8 store i8 %171, i8* %55, align 8 br label %179 %180 = phi i8 [ %178, %172 ], [ %171, %169 ] %181 = phi %struct.rpc_clnt* [ %57, %172 ], [ %164, %169 ] %182 = phi i32 [ %177, %172 ], [ -1, %169 ] %183 = and i8 %180, 8 %184 = icmp eq i8 %183, 0 br i1 %184, label %185, label %56 %57 = phi %struct.rpc_clnt* [ %14, %6 ], [ %181, %179 ] %58 = load %struct.super_block.720*, %struct.super_block.720** %15, align 8 %59 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %58, i64 0, i32 30 %60 = bitcast i8** %59 to %struct.nfs_server.197100** %61 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %60, align 64 store i64* %19, i64** %20, align 8 store %struct.qstr* %2, %struct.qstr** %21, align 8 %62 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 33, i64 0 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %25, align 8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %26, align 8 store %struct.nfs_fh* %3, %struct.nfs_fh** %27, 
align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %28, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 19), %struct.rpc_procinfo** %30, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %32, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %34, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %35, align 8 store i32* %62, i32** %22, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %4) #69 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %36, align 8 %63 = load i8, i8* %37, align 8 %64 = and i8 %63, -4 store i8 %64, i8* %37, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %61, i64 0, i32 0 %66 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %65, align 8 store %struct.nfs_server.197100* %61, %struct.nfs_server.197100** %40, align 8 store %struct.nfs4_sequence_args.197117* %17, %struct.nfs4_sequence_args.197117** %41, align 8 store %struct.nfs4_sequence_res.197119* %24, %struct.nfs4_sequence_res.197119** %42, align 8 store %struct.rpc_task* null, %struct.rpc_task** %44, align 8 store %struct.rpc_clnt* %57, %struct.rpc_clnt** %45, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %46, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %47, align 8 %67 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %66, i64 0, i32 29 %68 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %68, i64 0, i32 10 %70 = bitcast %struct.rpc_call_ops** %69 to i64* %71 = load i64, i64* %70, align 8 store i64 %71, 
i64* %49, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint 
%struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds 
%struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** 
%97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq 
%struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load 
%struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = 
getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 
to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 
store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = 
getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, 
%struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = bitcast [3 x i32]* %8 to i8* %15 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %20 = bitcast %struct.nfs4_getattr_res* %10 to i8* %21 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %25 = bitcast %struct.rpc_message* %11 to i8* %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_server_caps_arg** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 
0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_getattr_res** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %32 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 33, i64 0 %33 = bitcast i32* %32 to i8* %34 = icmp eq %struct.inode.733* %4, null %35 = getelementptr %struct.inode.733, %struct.inode.733* %4, i64 -1, i32 16 %36 = getelementptr inbounds %struct.anon.48, %struct.anon.48* %35, i64 9, i32 1 %37 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 3 %38 = bitcast %struct.rpc_clnt** %37 to i64* %39 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %0, i64 0, i32 0 %43 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %44 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %47 = bitcast %struct.rpc_task_setup* %7 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %50 = bitcast %struct.rpc_clnt** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 3 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %54 = 
bitcast %struct.rpc_call_ops** %53 to i64* %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %56 = bitcast i8** %55 to %struct.nfs4_call_sync_data** %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %60 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %61 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %22, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 18), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %30, align 8 store %struct.rpc_cred* null, %struct.rpc_cred** %31, align 8 br i1 %34, label %81, label %62 %63 = call i32 @nfs4_have_delegation(%struct.inode.733* nonnull %4, i32 1) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %81, label %65 %66 = load volatile i64, i64* %36, align 8 %67 = and i64 %66, 64 %68 = icmp eq i64 %67, 0 %69 = select i1 %68, i64 0, i64 %66 %70 = and i64 %69, 2048 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %75 %73 = load i32, i32* %19, align 4 %74 = and i32 %73, -17 store i32 %74, i32* %19, align 4 br label %75 %76 = and i64 %69, 256 %77 = icmp eq i64 %76, 0 br i1 %77, label %78, label %81 %79 = load i32, i32* %19, align 4 %80 = and i32 %79, -9 store i32 %80, i32* %19, 
align 4 br label %81 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 %82 = load i64, i64* %38, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %39, align 8 %83 = load i8, i8* %40, align 8 %84 = and i8 %83, -4 store i8 %84, i8* %40, align 8 store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %41, align 8 %85 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %42, align 8 store %struct.nfs_server.197100* %0, %struct.nfs_server.197100** %44, align 8 store %struct.nfs4_sequence_args.197117* %16, %struct.nfs4_sequence_args.197117** %45, align 8 store %struct.nfs4_sequence_res.197119* %21, %struct.nfs4_sequence_res.197119** %46, align 8 store %struct.rpc_task* null, %struct.rpc_task** %48, align 8 store i64 %82, i64* %50, align 8 store %struct.rpc_xprt* null, %struct.rpc_xprt** %51, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %52, align 8 %86 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %85, i64 0, i32 29 %87 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %86, align 8 %88 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %87, i64 0, i32 10 %89 = bitcast %struct.rpc_call_ops** %88 to i64* %90 = load i64, i64* %89, align 8 store i64 %90, i64* %54, align 8 store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %56, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %57, align 8 store i16 0, i16* %58, align 8 store i8 0, i8* %59, align 2 %91 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, 
label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 
%32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 
store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load 
%struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br 
i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br 
i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, 
align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr 
%struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 
%96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 
asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, 
i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* 
%137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 rpc_new_task 7 rpc_run_task 8 nfs4_do_close 9 __nfs4_close 10 nfs4_close_sync 11 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 4 %4 = load %struct.nfs4_state.197134*, %struct.nfs4_state.197134** %3, align 8 %5 = icmp eq %struct.nfs4_state.197134* %4, null br i1 %5, label %12, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds 
%struct.nfs_open_context.197135, %struct.nfs_open_context.197135* %0, i64 0, i32 5 %9 = load i32, i32* %8, align 8 br i1 %7, label %11, label %10 tail call void bitcast (void (%struct.nfs4_state.198680*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.197134*, i32)*)(%struct.nfs4_state.197134* nonnull %4, i32 %9) #69 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.198680* %0, i32 %1, i32 6291648, i32 1) #69 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.198676*, %struct.nfs4_state_owner.198676** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.198676, %struct.nfs4_state_owner.198676* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #69 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, 
label %41 %33 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.198680, %struct.nfs4_state.198680* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %99, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %100, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %101 = icmp eq i32 %64, 0 br i1 %101, label %102, label %122 %123 = tail call i32 bitcast (i32 (%struct.nfs4_state.197134*, i32, i32)* @nfs4_do_close to i32 (%struct.nfs4_state.198680*, i32, i32)*)(%struct.nfs4_state.198680* %0, i32 %2, i32 %3) #69 Function:nfs4_do_close %4 = alloca %struct.rpc_message, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 4 %7 = load %struct.inode.733*, %struct.inode.733** %6, align 8 %8 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %7, i64 0, i32 8 %9 = load %struct.super_block.720*, %struct.super_block.720** %8, align 8 %10 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %9, i64 0, i32 30 %11 = bitcast i8** %10 to 
%struct.nfs_server.197100** %12 = load %struct.nfs_server.197100*, %struct.nfs_server.197100** %11, align 64 %13 = getelementptr inbounds %struct.nfs4_state.197134, %struct.nfs4_state.197134* %0, i64 0, i32 3 %14 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %13, align 8 %15 = bitcast %struct.rpc_message* %4 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([0 x %struct.rpc_procinfo], [0 x %struct.rpc_procinfo]* bitcast ([62 x %struct.rpc_procinfo.197853]* @nfs4_procedures to [0 x %struct.rpc_procinfo]*), i64 0, i64 8), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 1 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 2 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %14, i64 0, i32 4 %21 = bitcast %struct.rpc_cred** %20 to i64* %22 = bitcast i8** %17 to i8* %23 = load i64, i64* %21, align 8 %24 = bitcast %struct.rpc_cred** %19 to i64* store i64 %23, i64* %24, align 8 %25 = bitcast %struct.rpc_task_setup* %5 to i8* %26 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %26, align 8 %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %28 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = load i64, i64* %29, align 8 %31 = bitcast %struct.rpc_clnt** %27 to i64* store i64 %30, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 store %struct.rpc_xprt* null, %struct.rpc_xprt** %32, align 8 %33 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 3 store %struct.rpc_message* %4, %struct.rpc_message** %33, align 8 %34 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 store %struct.rpc_call_ops* @nfs4_close_ops, %struct.rpc_call_ops** %34, align 8 %35 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 store i8* null, i8** %35, align 8 %36 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %37 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %38 = bitcast %struct.workqueue_struct** %36 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store i16 1, i16* %39, align 8 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i8 0, i8* %40, align 2 %41 = getelementptr inbounds %struct.nfs_server.197100, %struct.nfs_server.197100* %12, i64 0, i32 0 %42 = or i32 %1, 32768 %43 = and i32 %1, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([14 x %struct.kmem_cache*], [14 x %struct.kmem_cache*]* @kmalloc_caches, i64 0, i64 10), align 16 %47 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 %42, i64 584) #69 br label %50 %51 = phi i8* [ %49, %48 ], [ %47, %45 ] %52 = icmp eq i8* %51, null br i1 %52, label %122, label %53 %54 = getelementptr inbounds i8, i8* %51, i64 16 %55 = getelementptr inbounds i8, i8* %51, i64 96 %56 = bitcast i8* %54 to %struct.nfs4_slot.197116** store %struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %56, align 8 %57 = getelementptr inbounds i8, i8* %51, i64 24 %58 = load i8, i8* %57, align 8 %59 = and i8 %58, -4 %60 = or i8 %59, 1 store i8 %60, i8* %57, align 8 %61 = bitcast i8* %55 to %struct.nfs4_slot.197116** store 
%struct.nfs4_slot.197116* null, %struct.nfs4_slot.197116** %61, align 8 %62 = bitcast %struct.inode.733** %6 to i64* %63 = load i64, i64* %62, align 8 %64 = bitcast i8* %51 to %struct.inode.733** %65 = bitcast i8* %51 to i64* store i64 %63, i64* %65, align 8 %66 = getelementptr inbounds i8, i8* %51, i64 8 %67 = bitcast i8* %66 to %struct.nfs4_state.197134** store %struct.nfs4_state.197134* %0, %struct.nfs4_state.197134** %67, align 8 %68 = inttoptr i64 %63 to %struct.inode.733* %69 = getelementptr %struct.inode.733, %struct.inode.733* %68, i64 -1, i32 16, i32 1 %70 = getelementptr inbounds i8, i8* %51, i64 32 %71 = bitcast i8* %70 to i64** store i64* %69, i64** %71, align 8 %72 = getelementptr inbounds i8, i8* %51, i64 40 %73 = bitcast i8* %72 to %struct.nfs4_stateid_struct* %74 = call zeroext i1 bitcast (i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_state.198680*)* @nfs4_copy_open_stateid to i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_state.197134*)*)(%struct.nfs4_stateid_struct* %73, %struct.nfs4_state.197134* %0) #69 br i1 %74, label %75, label %121 %76 = load %struct.nfs_client.197162*, %struct.nfs_client.197162** %41, align 8 %77 = getelementptr inbounds %struct.nfs_client.197162, %struct.nfs_client.197162* %76, i64 0, i32 29 %78 = load %struct.nfs4_minor_version_ops.197171*, %struct.nfs4_minor_version_ops.197171** %77, align 8 %79 = getelementptr inbounds %struct.nfs4_minor_version_ops.197171, %struct.nfs4_minor_version_ops.197171* %78, i64 0, i32 8 %80 = load %struct.nfs_seqid* (%struct.nfs_seqid_counter*, i32)*, %struct.nfs_seqid* (%struct.nfs_seqid_counter*, i32)** %79, align 8 %81 = load %struct.nfs4_state_owner.197130*, %struct.nfs4_state_owner.197130** %13, align 8 %82 = getelementptr inbounds %struct.nfs4_state_owner.197130, %struct.nfs4_state_owner.197130* %81, i64 0, i32 9 %83 = call %struct.nfs_seqid* %80(%struct.nfs_seqid_counter* %82, i32 %1) #69 %84 = getelementptr inbounds i8, i8* %51, i64 64 %85 = bitcast i8* %84 to %struct.nfs_seqid** 
store %struct.nfs_seqid* %83, %struct.nfs_seqid** %85, align 8 %86 = icmp ugt %struct.nfs_seqid* %83, inttoptr (i64 -4096 to %struct.nfs_seqid*) br i1 %86, label %121, label %87 %88 = getelementptr inbounds i8, i8* %51, i64 360 %89 = bitcast i8* %88 to %struct.nfs_fattr* call void @nfs_fattr_init(%struct.nfs_fattr* %89) #69 %90 = getelementptr inbounds i8, i8* %51, i64 72 %91 = bitcast i8* %90 to i32* store i32 0, i32* %91, align 8 %92 = getelementptr inbounds i8, i8* %51, i64 336 %93 = getelementptr inbounds i8, i8* %51, i64 272 %94 = bitcast i8* %93 to i8** store i8* %92, i8** %94, align 8 %95 = getelementptr inbounds i8, i8* %51, i64 152 %96 = bitcast i8* %95 to i8** store i8* %88, i8** %96, align 8 %97 = bitcast i8* %84 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds i8, i8* %51, i64 160 %100 = bitcast i8* %99 to i64* store i64 %98, i64* %100, align 8 %101 = getelementptr inbounds i8, i8* %51, i64 168 %102 = bitcast i8* %101 to %struct.nfs_server.197100** store %struct.nfs_server.197100* %12, %struct.nfs_server.197100** %102, align 8 %103 = getelementptr inbounds i8, i8* %51, i64 184 %104 = bitcast i8* %103 to i32* store i32 -10060, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %51, i64 356 store i8 0, i8* %105, align 4 %106 = load %struct.inode.733*, %struct.inode.733** %64, align 8 %107 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %106, i64 0, i32 8 %108 = load %struct.super_block.720*, %struct.super_block.720** %107, align 8 %109 = call zeroext i1 bitcast (i1 (%struct.super_block.181391*)* @nfs_sb_active to i1 (%struct.super_block.720*)*)(%struct.super_block.720* %108) #69 store i8* %54, i8** %17, align 8 store i8* %55, i8** %18, align 8 store i8* %51, i8** %35, align 8 %110 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 6291456) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, 
%36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* 
%59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds 
%struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, 
label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load 
i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store 
%struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 
3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, 
%struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq 
%struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule_timeout 5 mempool_alloc 6 bio_alloc_bioset 7 blkdev_issue_flush 8 ext4_sync_file ------------- Path:  Function:ext4_sync_file %5 = getelementptr inbounds %struct.file.160848, %struct.file.160848* %0, i64 0, i32 19 %6 = load %struct.address_space.160992*, %struct.address_space.160992** %5, 
align 8 %7 = getelementptr inbounds %struct.address_space.160992, %struct.address_space.160992* %6, i64 0, i32 0 %8 = load %struct.inode.160989*, %struct.inode.160989** %7, align 8 %9 = getelementptr %struct.inode.160989, %struct.inode.160989* %8, i64 -1, i32 38 %10 = bitcast %struct.file_operations.160825** %9 to %struct.ext4_inode_info.161111* %11 = getelementptr inbounds %struct.inode.160989, %struct.inode.160989* %8, i64 0, i32 8 %12 = load %struct.super_block.160975*, %struct.super_block.160975** %11, align 8 %13 = getelementptr inbounds %struct.super_block.160975, %struct.super_block.160975* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.ext4_sb_info.161123** %15 = load %struct.ext4_sb_info.161123*, %struct.ext4_sb_info.161123** %14, align 64 %16 = getelementptr inbounds %struct.ext4_sb_info.161123, %struct.ext4_sb_info.161123* %15, i64 0, i32 45 %17 = load %struct.journal_s.161107*, %struct.journal_s.161107** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info.161123, %struct.ext4_sb_info.161123* %15, i64 0, i32 48 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 2 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %211, !prof !4, !misexpect !5 %23 = tail call %struct.task_struct.161080* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.161080** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.161080**)) #10, !srcloc !6 %24 = getelementptr inbounds %struct.task_struct.161080, %struct.task_struct.161080* %23, i64 0, i32 108 %25 = bitcast i8** %24 to %struct.jbd2_journal_handle.161125** %26 = load %struct.jbd2_journal_handle.161125*, %struct.jbd2_journal_handle.161125** %25, align 64 %27 = icmp eq %struct.jbd2_journal_handle.161125* %26, null br i1 %27, label %29, label %28, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} 
\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_sync_file_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@ext4_sync_file, %30)) #6 to label %52 [label %30], !srcloc !9 %53 = load %struct.super_block.160975*, %struct.super_block.160975** %11, align 8 %54 = getelementptr inbounds %struct.super_block.160975, %struct.super_block.160975* %53, i64 0, i32 10 %55 = load i64, i64* %54, align 16 %56 = and i64 %55, 1 %57 = icmp eq i64 %56, 0 br i1 %57, label %68, label %58 %69 = icmp eq %struct.journal_s.161107* %17, null br i1 %69, label %70, label %117 %118 = tail call i32 bitcast (i32 (%struct.file.100641*, i64, i64)* @file_write_and_wait_range to i32 (%struct.file.160848*, i64, i64)*)(%struct.file.160848* %0, i64 %1, i64 %2) #69 %119 = icmp eq i32 %118, 0 br i1 %119, label %120, label %211 %121 = load %struct.super_block.160975*, %struct.super_block.160975** %11, align 8 %122 = getelementptr inbounds %struct.super_block.160975, %struct.super_block.160975* %121, i64 0, i32 30 %123 = bitcast i8** %122 to %struct.ext4_sb_info.161123** %124 = load %struct.ext4_sb_info.161123*, %struct.ext4_sb_info.161123** %123, align 64 %125 = getelementptr inbounds %struct.ext4_sb_info.161123, %struct.ext4_sb_info.161123* %124, i64 0, i32 45 %126 = load %struct.journal_s.161107*, %struct.journal_s.161107** %125, align 16 %127 = icmp eq %struct.journal_s.161107* %126, null br i1 %127, label %157, label %128 %158 = icmp eq i32 %3, 0 %159 = getelementptr inbounds %struct.ext4_inode_info.161111, %struct.ext4_inode_info.161111* %10, i64 0, i32 37 %160 = getelementptr inbounds %struct.file_operations.160825*, %struct.file_operations.160825** %9, i64 127 %161 = bitcast %struct.file_operations.160825** %160 to i32* %162 = select i1 %158, i32* %161, 
i32* %159 %163 = load i32, i32* %162, align 4 %164 = getelementptr inbounds %struct.journal_s.161107, %struct.journal_s.161107* %17, i64 0, i32 0 %165 = load i64, i64* %164, align 8 %166 = and i64 %165, 32 %167 = icmp eq i64 %166, 0 br i1 %167, label %168, label %170 %171 = tail call i32 bitcast (i32 (%struct.journal_s.159065*, i32)* @jbd2_trans_will_send_data_barrier to i32 (%struct.journal_s.161107*, i32)*)(%struct.journal_s.161107* nonnull %17, i32 %163) #69 %172 = icmp eq i32 %171, 0 %173 = tail call i32 bitcast (i32 (%struct.journal_s.159065*, i32)* @jbd2_complete_transaction to i32 (%struct.journal_s.161107*, i32)*)(%struct.journal_s.161107* nonnull %17, i32 %163) #69 br i1 %172, label %174, label %184 %175 = load %struct.super_block.160975*, %struct.super_block.160975** %11, align 8 br label %176 %177 = phi %struct.super_block.160975* [ %175, %174 ], [ %109, %107 ] %178 = phi i32 [ %173, %174 ], [ %108, %107 ] %179 = getelementptr inbounds %struct.super_block.160975, %struct.super_block.160975* %177, i64 0, i32 21 %180 = load %struct.block_device.160960*, %struct.block_device.160960** %179, align 8 %181 = tail call i32 bitcast (i32 (%struct.block_device.252660*, i32, i64*)* @blkdev_issue_flush to i32 (%struct.block_device.160960*, i32, i64*)*)(%struct.block_device.160960* %180, i32 6291648, i64* null) #69 Function:blkdev_issue_flush %4 = getelementptr inbounds %struct.block_device.252660, %struct.block_device.252660* %0, i64 0, i32 16 %5 = load %struct.gendisk.252756*, %struct.gendisk.252756** %4, align 8 %6 = icmp eq %struct.gendisk.252756* %5, null br i1 %6, label %42, label %7 %8 = getelementptr inbounds %struct.gendisk.252756, %struct.gendisk.252756* %5, i64 0, i32 10 %9 = load %struct.request_queue.252600*, %struct.request_queue.252600** %8, align 8 %10 = icmp eq %struct.request_queue.252600* %9, null br i1 %10, label %42, label %11 %12 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %9, i64 0, i32 9 %13 = load i32 
(%struct.request_queue.252600*, %struct.bio.252760*)*, i32 (%struct.request_queue.252600*, %struct.bio.252760*)** %12, align 8 %14 = icmp eq i32 (%struct.request_queue.252600*, %struct.bio.252760*)* %13, null br i1 %14, label %42, label %15 %16 = tail call %struct.bio.252760* bitcast (%struct.bio.250740* (i32, i32, %struct.bio_set.250742*)* @bio_alloc_bioset to %struct.bio.252760* (i32, i32, %struct.bio_set.252762*)*)(i32 %1, i32 0, %struct.bio_set.252762* nonnull bitcast (%struct.bio_set.250742* @fs_bio_set to %struct.bio_set.252762*)) #69 Function:bio_alloc_bioset %4 = alloca i64, align 8 %5 = icmp eq %struct.bio_set.250742* %2, null br i1 %5, label %6, label %13 %14 = getelementptr inbounds %struct.bio_set.250742, %struct.bio_set.250742* %2, i64 0, i32 3, i32 3 %15 = load i8**, i8*** %14, align 8 %16 = icmp eq i8** %15, null %17 = icmp ne i32 %1, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %20, !prof !4, !misexpect !5 %21 = tail call %struct.task_struct.250613* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.250613** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.250613**)) #10, !srcloc !8 %22 = getelementptr inbounds %struct.task_struct.250613, %struct.task_struct.250613* %21, i64 0, i32 109 %23 = load %struct.bio_list.250741*, %struct.bio_list.250741** %22, align 8 %24 = icmp eq %struct.bio_list.250741* %23, null br i1 %24, label %39, label %25 %26 = getelementptr inbounds %struct.bio_list.250741, %struct.bio_list.250741* %23, i64 0, i32 0 %27 = load %struct.bio.250740*, %struct.bio.250740** %26, align 8 %28 = icmp eq %struct.bio.250740* %27, null br i1 %28, label %29, label %33 %30 = getelementptr %struct.bio_list.250741, %struct.bio_list.250741* %23, i64 1, i32 0 %31 = load %struct.bio.250740*, %struct.bio.250740** %30, align 8 %32 = icmp eq %struct.bio.250740* %31, null br i1 %32, label %39, label %33 %40 = phi i32 [ %0, %29 ], [ %0, %20 ], [ %38, %33 ] %41 = getelementptr inbounds 
%struct.bio_set.250742, %struct.bio_set.250742* %2, i64 0, i32 2 %42 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %41, i32 %40) #69 %43 = icmp eq i8* %42, null br i1 %43, label %44, label %48 %45 = icmp eq i32 %40, %0 br i1 %45, label %48, label %46 tail call fastcc void @punt_bios_to_rescuer(%struct.bio_set.250742* nonnull %2) #70 %47 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %41, i32 %0) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 2097152 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 70144 %11 = and i32 %10, -2097217 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], 
[ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 44 %4 = load i8, i8* %3, align 16 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 16 %6 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %2, i64 0, i32 110 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 16 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast 
%struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq 
%struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 
8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi 
%struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br 
i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds 
%struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 
8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, 
%struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, 
i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule 5 wait_on_page_bit_common 6 wait_on_page_bit 7 migrate_pages 8 kernel_mbind 9 __ia32_compat_sys_mbind ------------- Path:  Function:__ia32_compat_sys_mbind %2 = alloca %struct.cpumask, align 8 %3 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = bitcast %struct.cpumask* %2 to i8* %21 = add i64 %16, 4294967295 %22 = and i64 %21, 4294967295 %23 = icmp ult i64 %22, 64 %24 = select i1 %23, i64 %22, i64 64 %25 = add nuw nsw i64 %24, 63 %26 = lshr i64 %25, 3 %27 = and i64 %26, 24 %28 = icmp eq i64 %14, 0 br i1 %28, label %39, label %29 %30 = inttoptr i64 %14 to i32* %31 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %32 = call i64 @compat_get_bitmap(i64* nonnull %31, i32* nonnull %30, i64 %24) #69 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %43 %35 = call i8* @compat_alloc_user_space(i64 %27) #69 %36 = bitcast i8* %35 to i64* %37 = call i64 @_copy_to_user(i8* %35, i8* nonnull %20, i64 %27) #69 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %43 %40 = phi i64* [ %36, %34 ], [ null, %1 ] %41 = add nuw nsw i64 %24, 1 %42 = call fastcc i64 @kernel_mbind(i64 %5, i64 %8, i64 %11, i64* %40, i64 %41, i32 %19) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to 
i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, label %336 %38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 
%70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* %82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 %104 = and i64 %103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, 
%struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 
(%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 %137 = icmp slt i32 %136, 0 br i1 %137, label %316, label %138 %139 = call %struct.vm_area_struct.39266* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64)* @find_vma to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, i64)*)(%struct.mm_struct.39317* %32, i64 %0) #70 %140 = icmp eq %struct.vm_area_struct.39266* %139, null br i1 %140, label %316, label %141 %142 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 0 %143 = load i64, i64* %142, align 8 %144 = icmp ugt i64 %143, %0 br i1 %144, label %316, label %145 %146 = icmp ne %struct.mempolicy* %93, null %147 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 1 %148 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %149 = getelementptr inbounds %struct.mempolicy, 
%struct.mempolicy* %93, i64 0, i32 4, i32 0, i32 0, i64 0 %150 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3 %151 = bitcast %struct.arch_tlbflush_unmap_batch* %150 to i16* %152 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3, i32 0, i32 0, i64 0 %153 = icmp ult i64 %143, %51 br i1 %153, label %154, label %292 %155 = icmp ult i64 %143, %0 %156 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 3 %157 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %156, align 8 %158 = select i1 %155, %struct.vm_area_struct.39266* %139, %struct.vm_area_struct.39266* %157 br label %159 %160 = phi %struct.vm_area_struct.39266* [ %286, %288 ], [ %139, %154 ] %161 = phi %struct.vm_area_struct.39266* [ %284, %288 ], [ %158, %154 ] %162 = phi i64 [ %290, %288 ], [ %143, %154 ] %163 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 0 %164 = icmp ult i64 %162, %0 %165 = select i1 %164, i64 %0, i64 %162 %166 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 1 %167 = load i64, i64* %166, align 8 %168 = icmp ugt i64 %167, %51 %169 = select i1 %168, i64 %51, i64 %167 %170 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 17 %171 = load %struct.mempolicy*, %struct.mempolicy** %170, align 8 %172 = icmp eq %struct.mempolicy* %171, %93 br i1 %172, label %283, label %173 %174 = icmp ne %struct.mempolicy* %171, null %175 = and i1 %146, %174 br i1 %175, label %176, label %209 %177 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 1 %178 = load i16, i16* %177, align 4 %179 = load i16, i16* %147, align 4 %180 = icmp eq i16 %178, %179 br i1 %180, label %181, label %209 %182 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 2 %183 = load i16, i16* %182, 
align 2 %184 = load i16, i16* %148, align 2 %185 = icmp eq i16 %183, %184 br i1 %185, label %186, label %209 %187 = icmp ult i16 %183, 16384 br i1 %187, label %193, label %188 %189 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 4, i32 0, i32 0, i64 0 %190 = load i64, i64* %189, align 8 %191 = load i64, i64* %149, align 8 %192 = icmp eq i64 %190, %191 br i1 %192, label %193, label %209 switch i16 %178, label %203 [ i16 2, label %204 i16 3, label %204 i16 1, label %194 ] %205 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 3, i32 0, i32 0, i64 0 %206 = load i64, i64* %205, align 8 %207 = load i64, i64* %152, align 8 %208 = icmp eq i64 %206, %207 br i1 %208, label %283, label %209 %210 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 13 %211 = load i64, i64* %210, align 8 %212 = sub i64 %165, %162 %213 = lshr i64 %212, 12 %214 = add i64 %211, %213 %215 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 8 %216 = load i64, i64* %215, align 8 %217 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 11 %218 = load %struct.anon_vma.39259*, %struct.anon_vma.39259** %217, align 8 %219 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 14 %220 = load %struct.file.39652*, %struct.file.39652** %219, align 8 %221 = call %struct.vm_area_struct.39266* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i64, i64, %struct.anon_vma.111347*, %struct.file.111694*, i64, %struct.mempolicy*)* @vma_merge to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i64, i64, %struct.anon_vma.39259*, %struct.file.39652*, i64, %struct.mempolicy*)*)(%struct.mm_struct.39317* %32, %struct.vm_area_struct.39266* %161, i64 %165, i64 %169, i64 
%216, %struct.anon_vma.39259* %218, %struct.file.39652* %220, i64 %214, %struct.mempolicy* %93) #70 %222 = icmp eq %struct.vm_area_struct.39266* %221, null br i1 %222, label %223, label %239 %224 = load i64, i64* %163, align 8 %225 = icmp eq i64 %224, %165 br i1 %225, label %231, label %226 %227 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %228 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %227, align 8 %229 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i32)*)(%struct.mm_struct.39317* %228, %struct.vm_area_struct.39266* nonnull %160, i64 %165, i32 1) #70 %230 = icmp eq i32 %229, 0 br i1 %230, label %231, label %316 %232 = load i64, i64* %166, align 8 %233 = icmp eq i64 %232, %169 br i1 %233, label %239, label %234 %235 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %236 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %235, align 8 %237 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i32)*)(%struct.mm_struct.39317* %236, %struct.vm_area_struct.39266* nonnull %160, i64 %169, i32 0) #70 %238 = icmp eq i32 %237, 0 br i1 %238, label %239, label %316 %240 = phi %struct.vm_area_struct.39266* [ %160, %234 ], [ %160, %231 ], [ %221, %209 ] br i1 %101, label %245, label %241 %242 = call %struct.mempolicy* @__mpol_dup(%struct.mempolicy* nonnull %93) #70 %243 = bitcast %struct.mempolicy* %242 to i8* %244 = icmp ugt %struct.mempolicy* %242, inttoptr (i64 -4096 to %struct.mempolicy*) br i1 %244, label %279, label %245 %280 = ptrtoint %struct.mempolicy* %242 to i64 %281 = trunc i64 %280 to i32 %282 = icmp eq i32 %281, 0 br i1 %282, label %283, label %313 %284 = phi 
%struct.vm_area_struct.39266* [ %160, %204 ], [ %240, %279 ], [ %160, %197 ], [ %160, %159 ], [ %160, %194 ], [ %240, %258 ], [ %240, %262 ], [ %240, %267 ] %285 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %284, i64 0, i32 2 %286 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %285, align 8 %287 = icmp eq %struct.vm_area_struct.39266* %286, null br i1 %287, label %292, label %288 %289 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %286, i64 0, i32 0 %290 = load i64, i64* %289, align 8 %291 = icmp ult i64 %290, %51 br i1 %291, label %159, label %292 %293 = bitcast %struct.list_head* %9 to i64* %294 = load volatile i64, i64* %293, align 8 %295 = inttoptr i64 %294 to %struct.list_head* %296 = icmp eq %struct.list_head* %9, %295 br i1 %296, label %305, label %297 %298 = and i64 %103, 8 %299 = icmp eq i64 %298, 0 br i1 %299, label %301, label %300, !prof !10, !misexpect !11 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.13389, i64 0, i64 0), i32 1282, i32 2307, i64 12) #6, !srcloc !12 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 119) #6, !srcloc !13 br label %301 %302 = call i32 bitcast (i32 (%struct.list_head*, %struct.page* (%struct.page*, i64)*, void (%struct.page*, i64)*, i64, i32, i32)* @migrate_pages to i32 (%struct.list_head*, %struct.page.39615* (%struct.page.39615*, i64)*, void (%struct.page.39615*, i64)*, i64, i32, i32)*)(%struct.list_head* nonnull %9, %struct.page.39615* (%struct.page.39615*, i64)* nonnull @new_page, void 
(%struct.page.39615*, i64)* null, i64 %0, i32 2, i32 4) #70 Function:migrate_pages %7 = alloca %struct.rmap_walk_control.119986, align 8 %8 = alloca %struct.rmap_walk_control.119986, align 8 %9 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8388608 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %16 %17 = bitcast %struct.list_head* %0 to i8** %18 = and i32 %4, -2 %19 = icmp eq i32 %18, 2 %20 = bitcast %struct.rmap_walk_control.119986* %8 to i8* %21 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 0 %22 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 1 %23 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 2 %24 = bitcast i32 (%struct.page*)** %23 to i8* %25 = icmp eq i32 %4, 0 %26 = icmp ne i32 %18, 2 %27 = select i1 %26, i32 -16, i32 -11 %28 = bitcast %struct.rmap_walk_control.119986* %7 to i8* %29 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 1 %31 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 2 %32 = bitcast i32 (%struct.page*)** %31 to i8* %33 = icmp eq void (%struct.page*, i64)* %2, null br label %34 %35 = phi i32 [ 0, %16 ], [ %513, %517 ] %36 = phi i32 [ 0, %16 ], [ %512, %517 ] %37 = phi i32 [ 0, %16 ], [ %518, %517 ] %38 = load i8*, i8** %17, align 8 %39 = bitcast i8* %38 to %struct.list_head* %40 = icmp eq %struct.list_head* %39, %0 br i1 
%40, label %522, label %41 %42 = icmp ugt i32 %37, 2 %43 = and i1 %19, %42 %44 = xor i1 %42, true %45 = or i1 %25, %44 %46 = or i1 %26, %44 br label %47 %48 = phi i8* [ %38, %41 ], [ %55, %511 ] %49 = phi i32 [ 0, %41 ], [ %514, %511 ] %50 = phi i32 [ %35, %41 ], [ %513, %511 ] %51 = phi i32 [ %36, %41 ], [ %512, %511 ] %52 = getelementptr i8, i8* %48, i64 -8 %53 = bitcast i8* %52 to %struct.page* %54 = bitcast i8* %48 to i8** %55 = load i8*, i8** %54, align 8 %56 = call i32 @_cond_resched() #69 %57 = call i32 bitcast (i32 (%struct.page.117978*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %53) #69 %58 = icmp eq i32 %57, 0 br i1 %58, label %181, label %59 %182 = call %struct.page* %1(%struct.page* %53, i64 %3) #69 %183 = icmp eq %struct.page* %182, null br i1 %183, label %503, label %184 %185 = bitcast i8* %48 to i64* %186 = load volatile i64, i64* %185, align 8 %187 = and i64 %186, 1 %188 = icmp eq i64 %187, 0 %189 = add i64 %186, -1 %190 = inttoptr i64 %189 to %struct.page* %191 = select i1 %188, %struct.page* %53, %struct.page* %190, !prof !5 %192 = getelementptr inbounds %struct.page, %struct.page* %191, i64 0, i32 3, i32 0 %193 = load volatile i32, i32* %192, align 4 %194 = icmp eq i32 %193, 1 br i1 %194, label %195, label %251 %252 = getelementptr i8, i8* %48, i64 16 %253 = bitcast i8* %252 to %struct.address_space** %254 = bitcast i8* %252 to i64* %255 = load i64, i64* %254, align 8 %256 = and i64 %255, 3 %257 = icmp eq i64 %256, 2 %258 = load volatile i64, i64* %185, align 8 %259 = and i64 %258, 1 %260 = icmp eq i64 %259, 0 %261 = add i64 %258, -1 %262 = inttoptr i64 %261 to %struct.page* %263 = select i1 %260, %struct.page* %53, %struct.page* %262, !prof !5 %264 = getelementptr inbounds %struct.page, %struct.page* %263, i64 0, i32 0 %265 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %264, i64 0, i64* %264) #6, !srcloc !6 %266 = and i8 %265, 1 %267 = icmp eq i8 %266, 0 br i1 %267, label %286, label %268 br i1 %45, label %484, label %269 %270 = load i32, i32* %10, align 4 %271 = and i32 %270, 2048 %272 = icmp eq i32 %271, 0 br i1 %272, label %273, label %484 %274 = call i32 @_cond_resched() #69 %275 = load volatile i64, i64* %185, align 8 %276 = and i64 %275, 1 %277 = icmp eq i64 %276, 0 %278 = add i64 %275, -1 %279 = inttoptr i64 %278 to %struct.page* %280 = select i1 %277, %struct.page* %53, %struct.page* %279, !prof !5 %281 = getelementptr inbounds %struct.page, %struct.page* %280, i64 0, i32 0 %282 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %281, i64 0, i64* %281) #6, !srcloc !6 %283 = and i8 %282, 1 %284 = icmp eq i8 %283, 0 br i1 %284, label %286, label %285 call void bitcast (void (%struct.page.100587*)* @__lock_page to void (%struct.page*)*)(%struct.page* %53) #69 br label %286 %287 = load volatile i64, i64* %185, align 8 %288 = and i64 %287, 1 %289 = icmp eq i64 %288, 0 %290 = add i64 %287, -1 %291 = inttoptr i64 %290 to %struct.page* %292 = select i1 %289, %struct.page* %53, %struct.page* %291, !prof !5 %293 = getelementptr inbounds %struct.page, %struct.page* %292, i64 0, i32 0 %294 = load volatile i64, i64* %293, align 8 %295 = and i64 %294, 16384 %296 = icmp eq i64 %295, 0 br i1 %296, label %310, label %297 br i1 %46, label %367, label %298 %299 = load volatile i64, i64* %185, align 8 %300 = and i64 %299, 1 %301 = icmp eq i64 %300, 0 %302 = add i64 %299, -1 %303 = inttoptr i64 %302 to %struct.page* %304 = select i1 %301, %struct.page* %53, %struct.page* %303, !prof !5 %305 = getelementptr inbounds %struct.page, %struct.page* %304, i64 0, i32 0 %306 = load volatile i64, i64* %305, 
align 8 %307 = and i64 %306, 16384 %308 = icmp eq i64 %307, 0 br i1 %308, label %310, label %309 call void bitcast (void (%struct.page.100587*, i32)* @wait_on_page_bit to void (%struct.page*, i32)*)(%struct.page* %53, i32 14) #69 Function:wait_on_page_bit %3 = ptrtoint %struct.page.100587* %0 to i64 %4 = mul i64 %3, 7046029254386353131 %5 = lshr i64 %4, 56 %6 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @page_wait_table, i64 0, i64 %5 %7 = tail call fastcc i32 @wait_on_page_bit_common(%struct.wait_queue_head* %6, %struct.page.100587* %0, i32 %1, i32 2, i1 zeroext false) #69 Function:wait_on_page_bit_common %6 = alloca %struct.wait_page_queue, align 8 %7 = alloca i64, align 8 %8 = bitcast %struct.wait_page_queue* %6 to i8* %9 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2 %10 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 1 %12 = bitcast i8** %11 to %struct.task_struct.100571** store %struct.task_struct.100571* %10, %struct.task_struct.100571** %12, align 8 %13 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 2 %14 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3 %15 = ptrtoint %struct.list_head* %14 to i64 %16 = bitcast %struct.list_head* %14 to i64* store volatile i64 %15, i64* %16, align 8 %17 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3, i32 1 store %struct.list_head* %14, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 0 %19 = zext i1 %4 to i32 store i32 %19, i32* 
%18, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @wake_page_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %13, align 8 %20 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 0 store %struct.page.100587* %1, %struct.page.100587** %20, align 8 %21 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 1 store i32 %2, i32* %21, align 8 %22 = zext i32 %3 to i64 %23 = and i64 %22, 1 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1 %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %28 = bitcast %struct.page.100587* %1 to i8* %29 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 1 %30 = bitcast %struct.wait_queue_head* %0 to i8* %31 = sext i32 %2 to i64 %32 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %1, i64 0, i32 0 %33 = and i64 %22, 257 %34 = icmp eq i64 %33, 0 %35 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 0, i32 0 %36 = icmp eq i64 %23, 0 %37 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 91, i32 1, i32 0, i64 0 %38 = bitcast i64* %7 to i8* br label %39 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %24) #69 %40 = load volatile i64, i64* %16, align 8 %41 = inttoptr i64 %40 to %struct.list_head* %42 = icmp eq %struct.list_head* %14, %41 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 store volatile i64 %22, i64* %7, align 8 %47 = load volatile i64, i64* %7, align 8 %48 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 
%47, i64* %29) #6, !srcloc !8 store volatile i64 %48, i64* %7, align 8 %49 = load volatile i64, i64* %7, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %30, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %50 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %31) #6, !srcloc !12 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53, !prof !13, !misexpect !6 call void @io_schedule() #69 Function:io_schedule %1 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 44 %3 = load i8, i8* %2, align 16 %4 = or i8 %3, 2 store i8 %4, i8* %2, align 16 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 110 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, null br i1 %7, label %9, label %8 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %6, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = 
load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull 
@plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, 
i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast 
(void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, 
align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 
= bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, 
label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br 
i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule 5 wait_on_page_bit_common 6 wait_on_page_bit 7 migrate_pages 8 kernel_mbind 9 __ia32_sys_mbind ------------- Path:  Function:__ia32_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load 
i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = inttoptr i64 %13 to i64* %20 = trunc i64 %18 to i32 %21 = tail call fastcc i64 @kernel_mbind(i64 %4, i64 %7, i64 %10, i64* %19, i64 %16, i32 %20) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, 
label %336 %38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 %70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* %82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 
%104 = and i64 %103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, %struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, 
%struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 %137 = icmp slt i32 %136, 0 br i1 %137, label %316, label %138 %139 = call %struct.vm_area_struct.39266* bitcast 
(%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64)* @find_vma to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, i64)*)(%struct.mm_struct.39317* %32, i64 %0) #70 %140 = icmp eq %struct.vm_area_struct.39266* %139, null br i1 %140, label %316, label %141 %142 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 0 %143 = load i64, i64* %142, align 8 %144 = icmp ugt i64 %143, %0 br i1 %144, label %316, label %145 %146 = icmp ne %struct.mempolicy* %93, null %147 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 1 %148 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %149 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 4, i32 0, i32 0, i64 0 %150 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3 %151 = bitcast %struct.arch_tlbflush_unmap_batch* %150 to i16* %152 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3, i32 0, i32 0, i64 0 %153 = icmp ult i64 %143, %51 br i1 %153, label %154, label %292 %155 = icmp ult i64 %143, %0 %156 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 3 %157 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %156, align 8 %158 = select i1 %155, %struct.vm_area_struct.39266* %139, %struct.vm_area_struct.39266* %157 br label %159 %160 = phi %struct.vm_area_struct.39266* [ %286, %288 ], [ %139, %154 ] %161 = phi %struct.vm_area_struct.39266* [ %284, %288 ], [ %158, %154 ] %162 = phi i64 [ %290, %288 ], [ %143, %154 ] %163 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 0 %164 = icmp ult i64 %162, %0 %165 = select i1 %164, i64 %0, i64 %162 %166 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 1 %167 = load i64, i64* %166, align 8 %168 = icmp ugt i64 
%167, %51 %169 = select i1 %168, i64 %51, i64 %167 %170 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 17 %171 = load %struct.mempolicy*, %struct.mempolicy** %170, align 8 %172 = icmp eq %struct.mempolicy* %171, %93 br i1 %172, label %283, label %173 %174 = icmp ne %struct.mempolicy* %171, null %175 = and i1 %146, %174 br i1 %175, label %176, label %209 %177 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 1 %178 = load i16, i16* %177, align 4 %179 = load i16, i16* %147, align 4 %180 = icmp eq i16 %178, %179 br i1 %180, label %181, label %209 %182 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 2 %183 = load i16, i16* %182, align 2 %184 = load i16, i16* %148, align 2 %185 = icmp eq i16 %183, %184 br i1 %185, label %186, label %209 %187 = icmp ult i16 %183, 16384 br i1 %187, label %193, label %188 %189 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 4, i32 0, i32 0, i64 0 %190 = load i64, i64* %189, align 8 %191 = load i64, i64* %149, align 8 %192 = icmp eq i64 %190, %191 br i1 %192, label %193, label %209 switch i16 %178, label %203 [ i16 2, label %204 i16 3, label %204 i16 1, label %194 ] %205 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 3, i32 0, i32 0, i64 0 %206 = load i64, i64* %205, align 8 %207 = load i64, i64* %152, align 8 %208 = icmp eq i64 %206, %207 br i1 %208, label %283, label %209 %210 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 13 %211 = load i64, i64* %210, align 8 %212 = sub i64 %165, %162 %213 = lshr i64 %212, 12 %214 = add i64 %211, %213 %215 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 8 %216 = load i64, i64* %215, align 8 %217 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 11 %218 = load 
%struct.anon_vma.39259*, %struct.anon_vma.39259** %217, align 8 %219 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 14 %220 = load %struct.file.39652*, %struct.file.39652** %219, align 8 %221 = call %struct.vm_area_struct.39266* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i64, i64, %struct.anon_vma.111347*, %struct.file.111694*, i64, %struct.mempolicy*)* @vma_merge to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i64, i64, %struct.anon_vma.39259*, %struct.file.39652*, i64, %struct.mempolicy*)*)(%struct.mm_struct.39317* %32, %struct.vm_area_struct.39266* %161, i64 %165, i64 %169, i64 %216, %struct.anon_vma.39259* %218, %struct.file.39652* %220, i64 %214, %struct.mempolicy* %93) #70 %222 = icmp eq %struct.vm_area_struct.39266* %221, null br i1 %222, label %223, label %239 %224 = load i64, i64* %163, align 8 %225 = icmp eq i64 %224, %165 br i1 %225, label %231, label %226 %227 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %228 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %227, align 8 %229 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i32)*)(%struct.mm_struct.39317* %228, %struct.vm_area_struct.39266* nonnull %160, i64 %165, i32 1) #70 %230 = icmp eq i32 %229, 0 br i1 %230, label %231, label %316 %232 = load i64, i64* %166, align 8 %233 = icmp eq i64 %232, %169 br i1 %233, label %239, label %234 %235 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %236 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %235, align 8 %237 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 
(%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i32)*)(%struct.mm_struct.39317* %236, %struct.vm_area_struct.39266* nonnull %160, i64 %169, i32 0) #70 %238 = icmp eq i32 %237, 0 br i1 %238, label %239, label %316 %240 = phi %struct.vm_area_struct.39266* [ %160, %234 ], [ %160, %231 ], [ %221, %209 ] br i1 %101, label %245, label %241 %242 = call %struct.mempolicy* @__mpol_dup(%struct.mempolicy* nonnull %93) #70 %243 = bitcast %struct.mempolicy* %242 to i8* %244 = icmp ugt %struct.mempolicy* %242, inttoptr (i64 -4096 to %struct.mempolicy*) br i1 %244, label %279, label %245 %280 = ptrtoint %struct.mempolicy* %242 to i64 %281 = trunc i64 %280 to i32 %282 = icmp eq i32 %281, 0 br i1 %282, label %283, label %313 %284 = phi %struct.vm_area_struct.39266* [ %160, %204 ], [ %240, %279 ], [ %160, %197 ], [ %160, %159 ], [ %160, %194 ], [ %240, %258 ], [ %240, %262 ], [ %240, %267 ] %285 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %284, i64 0, i32 2 %286 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %285, align 8 %287 = icmp eq %struct.vm_area_struct.39266* %286, null br i1 %287, label %292, label %288 %289 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %286, i64 0, i32 0 %290 = load i64, i64* %289, align 8 %291 = icmp ult i64 %290, %51 br i1 %291, label %159, label %292 %293 = bitcast %struct.list_head* %9 to i64* %294 = load volatile i64, i64* %293, align 8 %295 = inttoptr i64 %294 to %struct.list_head* %296 = icmp eq %struct.list_head* %9, %295 br i1 %296, label %305, label %297 %298 = and i64 %103, 8 %299 = icmp eq i64 %298, 0 br i1 %299, label %301, label %300, !prof !10, !misexpect !11 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.13389, i64 0, i64 0), i32 1282, i32 2307, i64 12) #6, !srcloc !12 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 119) #6, !srcloc !13 br label %301 %302 = call i32 bitcast (i32 (%struct.list_head*, %struct.page* (%struct.page*, i64)*, void (%struct.page*, i64)*, i64, i32, i32)* @migrate_pages to i32 (%struct.list_head*, %struct.page.39615* (%struct.page.39615*, i64)*, void (%struct.page.39615*, i64)*, i64, i32, i32)*)(%struct.list_head* nonnull %9, %struct.page.39615* (%struct.page.39615*, i64)* nonnull @new_page, void (%struct.page.39615*, i64)* null, i64 %0, i32 2, i32 4) #70 Function:migrate_pages %7 = alloca %struct.rmap_walk_control.119986, align 8 %8 = alloca %struct.rmap_walk_control.119986, align 8 %9 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8388608 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %16 %17 = bitcast %struct.list_head* %0 to i8** %18 = and i32 %4, -2 %19 = icmp eq i32 %18, 2 %20 = bitcast %struct.rmap_walk_control.119986* %8 to i8* %21 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 0 %22 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 1 %23 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 2 %24 = bitcast i32 (%struct.page*)** %23 to i8* %25 = icmp eq i32 %4, 0 %26 = icmp ne i32 %18, 2 %27 = select i1 %26, i32 -16, i32 -11 %28 
= bitcast %struct.rmap_walk_control.119986* %7 to i8* %29 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 1 %31 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 2 %32 = bitcast i32 (%struct.page*)** %31 to i8* %33 = icmp eq void (%struct.page*, i64)* %2, null br label %34 %35 = phi i32 [ 0, %16 ], [ %513, %517 ] %36 = phi i32 [ 0, %16 ], [ %512, %517 ] %37 = phi i32 [ 0, %16 ], [ %518, %517 ] %38 = load i8*, i8** %17, align 8 %39 = bitcast i8* %38 to %struct.list_head* %40 = icmp eq %struct.list_head* %39, %0 br i1 %40, label %522, label %41 %42 = icmp ugt i32 %37, 2 %43 = and i1 %19, %42 %44 = xor i1 %42, true %45 = or i1 %25, %44 %46 = or i1 %26, %44 br label %47 %48 = phi i8* [ %38, %41 ], [ %55, %511 ] %49 = phi i32 [ 0, %41 ], [ %514, %511 ] %50 = phi i32 [ %35, %41 ], [ %513, %511 ] %51 = phi i32 [ %36, %41 ], [ %512, %511 ] %52 = getelementptr i8, i8* %48, i64 -8 %53 = bitcast i8* %52 to %struct.page* %54 = bitcast i8* %48 to i8** %55 = load i8*, i8** %54, align 8 %56 = call i32 @_cond_resched() #69 %57 = call i32 bitcast (i32 (%struct.page.117978*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %53) #69 %58 = icmp eq i32 %57, 0 br i1 %58, label %181, label %59 %182 = call %struct.page* %1(%struct.page* %53, i64 %3) #69 %183 = icmp eq %struct.page* %182, null br i1 %183, label %503, label %184 %185 = bitcast i8* %48 to i64* %186 = load volatile i64, i64* %185, align 8 %187 = and i64 %186, 1 %188 = icmp eq i64 %187, 0 %189 = add i64 %186, -1 %190 = inttoptr i64 %189 to %struct.page* %191 = select i1 %188, %struct.page* %53, %struct.page* %190, !prof !5 %192 = getelementptr inbounds %struct.page, %struct.page* %191, i64 0, i32 3, i32 0 %193 = load volatile i32, i32* %192, align 4 %194 = icmp eq i32 %193, 1 br i1 %194, label 
%195, label %251 %252 = getelementptr i8, i8* %48, i64 16 %253 = bitcast i8* %252 to %struct.address_space** %254 = bitcast i8* %252 to i64* %255 = load i64, i64* %254, align 8 %256 = and i64 %255, 3 %257 = icmp eq i64 %256, 2 %258 = load volatile i64, i64* %185, align 8 %259 = and i64 %258, 1 %260 = icmp eq i64 %259, 0 %261 = add i64 %258, -1 %262 = inttoptr i64 %261 to %struct.page* %263 = select i1 %260, %struct.page* %53, %struct.page* %262, !prof !5 %264 = getelementptr inbounds %struct.page, %struct.page* %263, i64 0, i32 0 %265 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %264, i64 0, i64* %264) #6, !srcloc !6 %266 = and i8 %265, 1 %267 = icmp eq i8 %266, 0 br i1 %267, label %286, label %268 br i1 %45, label %484, label %269 %270 = load i32, i32* %10, align 4 %271 = and i32 %270, 2048 %272 = icmp eq i32 %271, 0 br i1 %272, label %273, label %484 %274 = call i32 @_cond_resched() #69 %275 = load volatile i64, i64* %185, align 8 %276 = and i64 %275, 1 %277 = icmp eq i64 %276, 0 %278 = add i64 %275, -1 %279 = inttoptr i64 %278 to %struct.page* %280 = select i1 %277, %struct.page* %53, %struct.page* %279, !prof !5 %281 = getelementptr inbounds %struct.page, %struct.page* %280, i64 0, i32 0 %282 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %281, i64 0, i64* %281) #6, !srcloc !6 %283 = and i8 %282, 1 %284 = icmp eq i8 %283, 0 br i1 %284, label %286, label %285 call void bitcast (void (%struct.page.100587*)* @__lock_page to void (%struct.page*)*)(%struct.page* %53) #69 br label %286 %287 = load volatile i64, i64* %185, align 8 %288 = and i64 %287, 1 %289 = icmp eq i64 %288, 0 %290 = add i64 %287, 
-1 %291 = inttoptr i64 %290 to %struct.page* %292 = select i1 %289, %struct.page* %53, %struct.page* %291, !prof !5 %293 = getelementptr inbounds %struct.page, %struct.page* %292, i64 0, i32 0 %294 = load volatile i64, i64* %293, align 8 %295 = and i64 %294, 16384 %296 = icmp eq i64 %295, 0 br i1 %296, label %310, label %297 br i1 %46, label %367, label %298 %299 = load volatile i64, i64* %185, align 8 %300 = and i64 %299, 1 %301 = icmp eq i64 %300, 0 %302 = add i64 %299, -1 %303 = inttoptr i64 %302 to %struct.page* %304 = select i1 %301, %struct.page* %53, %struct.page* %303, !prof !5 %305 = getelementptr inbounds %struct.page, %struct.page* %304, i64 0, i32 0 %306 = load volatile i64, i64* %305, align 8 %307 = and i64 %306, 16384 %308 = icmp eq i64 %307, 0 br i1 %308, label %310, label %309 call void bitcast (void (%struct.page.100587*, i32)* @wait_on_page_bit to void (%struct.page*, i32)*)(%struct.page* %53, i32 14) #69 Function:wait_on_page_bit %3 = ptrtoint %struct.page.100587* %0 to i64 %4 = mul i64 %3, 7046029254386353131 %5 = lshr i64 %4, 56 %6 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @page_wait_table, i64 0, i64 %5 %7 = tail call fastcc i32 @wait_on_page_bit_common(%struct.wait_queue_head* %6, %struct.page.100587* %0, i32 %1, i32 2, i1 zeroext false) #69 Function:wait_on_page_bit_common %6 = alloca %struct.wait_page_queue, align 8 %7 = alloca i64, align 8 %8 = bitcast %struct.wait_page_queue* %6 to i8* %9 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2 %10 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 1 %12 = bitcast i8** %11 to %struct.task_struct.100571** store 
%struct.task_struct.100571* %10, %struct.task_struct.100571** %12, align 8 %13 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 2 %14 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3 %15 = ptrtoint %struct.list_head* %14 to i64 %16 = bitcast %struct.list_head* %14 to i64* store volatile i64 %15, i64* %16, align 8 %17 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3, i32 1 store %struct.list_head* %14, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 0 %19 = zext i1 %4 to i32 store i32 %19, i32* %18, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @wake_page_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %13, align 8 %20 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 0 store %struct.page.100587* %1, %struct.page.100587** %20, align 8 %21 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 1 store i32 %2, i32* %21, align 8 %22 = zext i32 %3 to i64 %23 = and i64 %22, 1 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1 %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %28 = bitcast %struct.page.100587* %1 to i8* %29 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 1 %30 = bitcast %struct.wait_queue_head* %0 to i8* %31 = sext i32 %2 to i64 %32 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %1, i64 0, i32 0 %33 = and i64 %22, 257 %34 = icmp eq i64 %33, 0 %35 = getelementptr inbounds 
%struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 0, i32 0 %36 = icmp eq i64 %23, 0 %37 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 91, i32 1, i32 0, i64 0 %38 = bitcast i64* %7 to i8* br label %39 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %24) #69 %40 = load volatile i64, i64* %16, align 8 %41 = inttoptr i64 %40 to %struct.list_head* %42 = icmp eq %struct.list_head* %14, %41 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 store volatile i64 %22, i64* %7, align 8 %47 = load volatile i64, i64* %7, align 8 %48 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %47, i64* %29) #6, !srcloc !8 store volatile i64 %48, i64* %7, align 8 %49 = load volatile i64, i64* %7, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %30, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %50 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %31) #6, !srcloc !12 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53, !prof !13, !misexpect !6 call void @io_schedule() #69 Function:io_schedule %1 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 44 %3 = load i8, i8* %2, align 16 %4 = or i8 %3, 2 store i8 %4, i8* %2, align 16 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 110 %6 = load 
%struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, null br i1 %7, label %9, label %8 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %6, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store 
%struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* 
%52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load 
%struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr 
inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds 
%struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 
%89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, 
i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, 
%struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, 
%struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 
blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 io_schedule 5 wait_on_page_bit_common 6 wait_on_page_bit 7 migrate_pages 8 kernel_mbind 9 __x64_sys_mbind ------------- Path:  Function:__x64_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = bitcast i64* %8 to i64** %10 = load i64*, i64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %14 to i32 %16 = tail call fastcc i64 @kernel_mbind(i64 %3, i64 %5, i64 %7, i64* %10, i64 %12, i32 %15) #69 Function:kernel_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.mm_walk.118483, align 8 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.nodemask_scratch, align 8 %11 = alloca %struct.cpumask, align 8 %12 = bitcast %struct.cpumask* %11 to i8* %13 = trunc i64 %2 to i16 %14 = and i16 %13, -16384 %15 = and i64 %2, -49153 %16 = icmp ugt i64 %15, 4 br i1 %16, label %338, label %17 %18 = icmp sgt i16 %14, -1 %19 = and i64 %2, 16384 %20 = icmp eq i64 %19, 0 %21 = or i1 %20, %18 br i1 %21, label %22, label %338 %23 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %11, i64* %3, i64 %4) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %28 = trunc i64 %15 to i16 %29 = zext i32 %5 to i64 %30 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.39605**)) #10, !srcloc !4 %31 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 32 %32 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %31, align 32 %33 = bitcast %struct.list_head* %9 to i8* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %35, align 8 %36 = icmp ult i32 %5, 8 br i1 %36, label %37, label %336 %38 = and i64 %29, 4 %39 = icmp eq i64 %38, 0 br i1 %39, label %42, label %40 %41 = call zeroext i1 @capable(i32 23) #70 br i1 %41, label %42, label %336 %43 = and i64 %0, 4095 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %336 %46 = icmp eq i16 %28, 0 %47 = and i64 %29, 4294967294 %48 = select i1 %46, i64 %47, i64 %29 %49 = add i64 %1, 4095 %50 = and i64 %49, -4096 %51 = add i64 %50, %0 %52 = icmp ult i64 %51, %0 br i1 %52, label %336, label %53 %54 = icmp eq i64 %50, 0 br i1 %54, label %336, label %55 switch i16 %28, label %66 [ i16 0, label %56 i16 1, label %60 ] %67 = icmp eq i16 %28, 4 %68 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %11, i64 0, i32 0, i64 0 %69 = load i64, i64* %68, align 8 %70 = icmp eq i64 %69, 0 br i1 %67, label %71, label %74 br i1 %70, label %88, label %75 %76 = phi i16 [ 1, %60 ], [ %28, %74 ], [ 1, %71 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** @policy_cache, align 8 %78 = call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %77, i32 6291648) #70 %79 = icmp eq i8* %78, null br i1 %79, label %88, label %80 %81 = bitcast i8* %78 to %struct.mempolicy* %82 = bitcast i8* %78 to i32* store volatile i32 1, i32* %82, align 8 %83 = getelementptr inbounds i8, i8* %78, i64 4 %84 = bitcast i8* %83 to i16* store i16 %76, i16* %84, align 4 %85 = getelementptr inbounds i8, i8* %78, i64 6 %86 = bitcast 
i8* %85 to i16* store i16 %14, i16* %86, align 2 %87 = icmp ugt i8* %78, inttoptr (i64 -4096 to i8*) br i1 %87, label %88, label %91 %92 = phi i8* [ %78, %80 ], [ null, %56 ] %93 = phi %struct.mempolicy* [ %81, %80 ], [ null, %56 ] %94 = and i64 %48, 8 %95 = icmp eq i64 %94, 0 br i1 %95, label %100, label %96 %97 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %98 = load i16, i16* %97, align 2 %99 = or i16 %98, 8 store i16 %99, i16* %97, align 2 br label %100 %101 = icmp eq %struct.mempolicy* %93, null %102 = or i64 %48, 16 %103 = select i1 %101, i64 %102, i64 %48 %104 = and i64 %103, 6 %105 = icmp eq i64 %104, 0 br i1 %105, label %109, label %106 %107 = call i32 @migrate_prep() #70 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %325 %110 = bitcast %struct.nodemask_scratch* %10 to i8* %111 = getelementptr inbounds %struct.mm_struct.39317, %struct.mm_struct.39317* %32, i64 0, i32 0, i32 16 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_write to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* %111) #70 %112 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %112) #70 %113 = call fastcc i32 @mpol_set_nodemask(%struct.mempolicy* %93, %struct.cpumask* nonnull %11, %struct.nodemask_scratch* nonnull %10) #70 %114 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %30, i64 0, i32 102 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %115, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %116 = icmp eq i32 %113, 0 br i1 %116, label %118, label %117 %119 = or i64 %103, 32 %120 = bitcast %struct.queue_pages* %7 to i8* %121 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 0 store 
%struct.list_head* %9, %struct.list_head** %121, align 8 %122 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 1 store i64 %119, i64* %122, align 8 %123 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 2 store %struct.cpumask* %11, %struct.cpumask** %123, align 8 %124 = getelementptr inbounds %struct.queue_pages, %struct.queue_pages* %7, i64 0, i32 3 store %struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %124, align 8 %125 = bitcast %struct.mm_walk.118483* %8 to i8* %126 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 0 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* null, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %126, align 8 %127 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 1 store i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)* @queue_pages_pte_range, i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %127, align 8 %128 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 2 %129 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 4 %130 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.118483*)** %128 to i8* store i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)* @queue_pages_hugetlb, i32 (%struct.anon.1*, i64, i64, i64, %struct.mm_walk.118483*)** %129, align 8 %131 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 5 store i32 (i64, i64, %struct.mm_walk.118483*)* @queue_pages_test_walk, i32 (i64, i64, %struct.mm_walk.118483*)** %131, align 8 %132 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 6 store %struct.mm_struct.39317* %32, %struct.mm_struct.39317** %132, align 8 %133 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 7 store 
%struct.vm_area_struct.39266* null, %struct.vm_area_struct.39266** %133, align 8 %134 = getelementptr inbounds %struct.mm_walk.118483, %struct.mm_walk.118483* %8, i64 0, i32 8 %135 = bitcast i8** %134 to %struct.queue_pages** store %struct.queue_pages* %7, %struct.queue_pages** %135, align 8 %136 = call i32 bitcast (i32 (i64, i64, %struct.mm_walk.113499*)* @walk_page_range to i32 (i64, i64, %struct.mm_walk.118483*)*)(i64 %0, i64 %51, %struct.mm_walk.118483* nonnull %8) #70 %137 = icmp slt i32 %136, 0 br i1 %137, label %316, label %138 %139 = call %struct.vm_area_struct.39266* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64)* @find_vma to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, i64)*)(%struct.mm_struct.39317* %32, i64 %0) #70 %140 = icmp eq %struct.vm_area_struct.39266* %139, null br i1 %140, label %316, label %141 %142 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 0 %143 = load i64, i64* %142, align 8 %144 = icmp ugt i64 %143, %0 br i1 %144, label %316, label %145 %146 = icmp ne %struct.mempolicy* %93, null %147 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 1 %148 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 2 %149 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 4, i32 0, i32 0, i64 0 %150 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3 %151 = bitcast %struct.arch_tlbflush_unmap_batch* %150 to i16* %152 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %93, i64 0, i32 3, i32 0, i32 0, i64 0 %153 = icmp ult i64 %143, %51 br i1 %153, label %154, label %292 %155 = icmp ult i64 %143, %0 %156 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %139, i64 0, i32 3 %157 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %156, align 8 %158 = select i1 %155, %struct.vm_area_struct.39266* 
%139, %struct.vm_area_struct.39266* %157 br label %159 %160 = phi %struct.vm_area_struct.39266* [ %286, %288 ], [ %139, %154 ] %161 = phi %struct.vm_area_struct.39266* [ %284, %288 ], [ %158, %154 ] %162 = phi i64 [ %290, %288 ], [ %143, %154 ] %163 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 0 %164 = icmp ult i64 %162, %0 %165 = select i1 %164, i64 %0, i64 %162 %166 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 1 %167 = load i64, i64* %166, align 8 %168 = icmp ugt i64 %167, %51 %169 = select i1 %168, i64 %51, i64 %167 %170 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 17 %171 = load %struct.mempolicy*, %struct.mempolicy** %170, align 8 %172 = icmp eq %struct.mempolicy* %171, %93 br i1 %172, label %283, label %173 %174 = icmp ne %struct.mempolicy* %171, null %175 = and i1 %146, %174 br i1 %175, label %176, label %209 %177 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 1 %178 = load i16, i16* %177, align 4 %179 = load i16, i16* %147, align 4 %180 = icmp eq i16 %178, %179 br i1 %180, label %181, label %209 %182 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 2 %183 = load i16, i16* %182, align 2 %184 = load i16, i16* %148, align 2 %185 = icmp eq i16 %183, %184 br i1 %185, label %186, label %209 %187 = icmp ult i16 %183, 16384 br i1 %187, label %193, label %188 %189 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 4, i32 0, i32 0, i64 0 %190 = load i64, i64* %189, align 8 %191 = load i64, i64* %149, align 8 %192 = icmp eq i64 %190, %191 br i1 %192, label %193, label %209 switch i16 %178, label %203 [ i16 2, label %204 i16 3, label %204 i16 1, label %194 ] %205 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %171, i64 0, i32 3, i32 0, i32 0, i64 0 %206 = load i64, i64* %205, align 8 %207 = 
load i64, i64* %152, align 8 %208 = icmp eq i64 %206, %207 br i1 %208, label %283, label %209 %210 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 13 %211 = load i64, i64* %210, align 8 %212 = sub i64 %165, %162 %213 = lshr i64 %212, 12 %214 = add i64 %211, %213 %215 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 8 %216 = load i64, i64* %215, align 8 %217 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 11 %218 = load %struct.anon_vma.39259*, %struct.anon_vma.39259** %217, align 8 %219 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 14 %220 = load %struct.file.39652*, %struct.file.39652** %219, align 8 %221 = call %struct.vm_area_struct.39266* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i64, i64, %struct.anon_vma.111347*, %struct.file.111694*, i64, %struct.mempolicy*)* @vma_merge to %struct.vm_area_struct.39266* (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i64, i64, %struct.anon_vma.39259*, %struct.file.39652*, i64, %struct.mempolicy*)*)(%struct.mm_struct.39317* %32, %struct.vm_area_struct.39266* %161, i64 %165, i64 %169, i64 %216, %struct.anon_vma.39259* %218, %struct.file.39652* %220, i64 %214, %struct.mempolicy* %93) #70 %222 = icmp eq %struct.vm_area_struct.39266* %221, null br i1 %222, label %223, label %239 %224 = load i64, i64* %163, align 8 %225 = icmp eq i64 %224, %165 br i1 %225, label %231, label %226 %227 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %228 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %227, align 8 %229 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, 
i32)*)(%struct.mm_struct.39317* %228, %struct.vm_area_struct.39266* nonnull %160, i64 %165, i32 1) #70 %230 = icmp eq i32 %229, 0 br i1 %230, label %231, label %316 %232 = load i64, i64* %166, align 8 %233 = icmp eq i64 %232, %169 br i1 %233, label %239, label %234 %235 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %160, i64 0, i32 6 %236 = load %struct.mm_struct.39317*, %struct.mm_struct.39317** %235, align 8 %237 = call i32 bitcast (i32 (%struct.mm_struct.111386*, %struct.vm_area_struct.111354*, i64, i32)* @split_vma to i32 (%struct.mm_struct.39317*, %struct.vm_area_struct.39266*, i64, i32)*)(%struct.mm_struct.39317* %236, %struct.vm_area_struct.39266* nonnull %160, i64 %169, i32 0) #70 %238 = icmp eq i32 %237, 0 br i1 %238, label %239, label %316 %240 = phi %struct.vm_area_struct.39266* [ %160, %234 ], [ %160, %231 ], [ %221, %209 ] br i1 %101, label %245, label %241 %242 = call %struct.mempolicy* @__mpol_dup(%struct.mempolicy* nonnull %93) #70 %243 = bitcast %struct.mempolicy* %242 to i8* %244 = icmp ugt %struct.mempolicy* %242, inttoptr (i64 -4096 to %struct.mempolicy*) br i1 %244, label %279, label %245 %280 = ptrtoint %struct.mempolicy* %242 to i64 %281 = trunc i64 %280 to i32 %282 = icmp eq i32 %281, 0 br i1 %282, label %283, label %313 %284 = phi %struct.vm_area_struct.39266* [ %160, %204 ], [ %240, %279 ], [ %160, %197 ], [ %160, %159 ], [ %160, %194 ], [ %240, %258 ], [ %240, %262 ], [ %240, %267 ] %285 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %284, i64 0, i32 2 %286 = load %struct.vm_area_struct.39266*, %struct.vm_area_struct.39266** %285, align 8 %287 = icmp eq %struct.vm_area_struct.39266* %286, null br i1 %287, label %292, label %288 %289 = getelementptr inbounds %struct.vm_area_struct.39266, %struct.vm_area_struct.39266* %286, i64 0, i32 0 %290 = load i64, i64* %289, align 8 %291 = icmp ult i64 %290, %51 br i1 %291, label %159, label %292 %293 = bitcast 
%struct.list_head* %9 to i64* %294 = load volatile i64, i64* %293, align 8 %295 = inttoptr i64 %294 to %struct.list_head* %296 = icmp eq %struct.list_head* %9, %295 br i1 %296, label %305, label %297 %298 = and i64 %103, 8 %299 = icmp eq i64 %298, 0 br i1 %299, label %301, label %300, !prof !10, !misexpect !11 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.13389, i64 0, i64 0), i32 1282, i32 2307, i64 12) #6, !srcloc !12 call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 119) #6, !srcloc !13 br label %301 %302 = call i32 bitcast (i32 (%struct.list_head*, %struct.page* (%struct.page*, i64)*, void (%struct.page*, i64)*, i64, i32, i32)* @migrate_pages to i32 (%struct.list_head*, %struct.page.39615* (%struct.page.39615*, i64)*, void (%struct.page.39615*, i64)*, i64, i32, i32)*)(%struct.list_head* nonnull %9, %struct.page.39615* (%struct.page.39615*, i64)* nonnull @new_page, void (%struct.page.39615*, i64)* null, i64 %0, i32 2, i32 4) #70 Function:migrate_pages %7 = alloca %struct.rmap_walk_control.119986, align 8 %8 = alloca %struct.rmap_walk_control.119986, align 8 %9 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct**)) #10, !srcloc !4 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8388608 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %16 %17 = bitcast %struct.list_head* %0 to i8** %18 = and i32 
%4, -2 %19 = icmp eq i32 %18, 2 %20 = bitcast %struct.rmap_walk_control.119986* %8 to i8* %21 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 0 %22 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 1 %23 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %8, i64 0, i32 2 %24 = bitcast i32 (%struct.page*)** %23 to i8* %25 = icmp eq i32 %4, 0 %26 = icmp ne i32 %18, 2 %27 = select i1 %26, i32 -16, i32 -11 %28 = bitcast %struct.rmap_walk_control.119986* %7 to i8* %29 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 1 %31 = getelementptr inbounds %struct.rmap_walk_control.119986, %struct.rmap_walk_control.119986* %7, i64 0, i32 2 %32 = bitcast i32 (%struct.page*)** %31 to i8* %33 = icmp eq void (%struct.page*, i64)* %2, null br label %34 %35 = phi i32 [ 0, %16 ], [ %513, %517 ] %36 = phi i32 [ 0, %16 ], [ %512, %517 ] %37 = phi i32 [ 0, %16 ], [ %518, %517 ] %38 = load i8*, i8** %17, align 8 %39 = bitcast i8* %38 to %struct.list_head* %40 = icmp eq %struct.list_head* %39, %0 br i1 %40, label %522, label %41 %42 = icmp ugt i32 %37, 2 %43 = and i1 %19, %42 %44 = xor i1 %42, true %45 = or i1 %25, %44 %46 = or i1 %26, %44 br label %47 %48 = phi i8* [ %38, %41 ], [ %55, %511 ] %49 = phi i32 [ 0, %41 ], [ %514, %511 ] %50 = phi i32 [ %35, %41 ], [ %513, %511 ] %51 = phi i32 [ %36, %41 ], [ %512, %511 ] %52 = getelementptr i8, i8* %48, i64 -8 %53 = bitcast i8* %52 to %struct.page* %54 = bitcast i8* %48 to i8** %55 = load i8*, i8** %54, align 8 %56 = call i32 @_cond_resched() #69 %57 = call i32 bitcast (i32 (%struct.page.117978*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %53) #69 %58 = icmp eq i32 %57, 0 br i1 %58, label %181, label %59 %182 = 
call %struct.page* %1(%struct.page* %53, i64 %3) #69 %183 = icmp eq %struct.page* %182, null br i1 %183, label %503, label %184 %185 = bitcast i8* %48 to i64* %186 = load volatile i64, i64* %185, align 8 %187 = and i64 %186, 1 %188 = icmp eq i64 %187, 0 %189 = add i64 %186, -1 %190 = inttoptr i64 %189 to %struct.page* %191 = select i1 %188, %struct.page* %53, %struct.page* %190, !prof !5 %192 = getelementptr inbounds %struct.page, %struct.page* %191, i64 0, i32 3, i32 0 %193 = load volatile i32, i32* %192, align 4 %194 = icmp eq i32 %193, 1 br i1 %194, label %195, label %251 %252 = getelementptr i8, i8* %48, i64 16 %253 = bitcast i8* %252 to %struct.address_space** %254 = bitcast i8* %252 to i64* %255 = load i64, i64* %254, align 8 %256 = and i64 %255, 3 %257 = icmp eq i64 %256, 2 %258 = load volatile i64, i64* %185, align 8 %259 = and i64 %258, 1 %260 = icmp eq i64 %259, 0 %261 = add i64 %258, -1 %262 = inttoptr i64 %261 to %struct.page* %263 = select i1 %260, %struct.page* %53, %struct.page* %262, !prof !5 %264 = getelementptr inbounds %struct.page, %struct.page* %263, i64 0, i32 0 %265 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %264, i64 0, i64* %264) #6, !srcloc !6 %266 = and i8 %265, 1 %267 = icmp eq i8 %266, 0 br i1 %267, label %286, label %268 br i1 %45, label %484, label %269 %270 = load i32, i32* %10, align 4 %271 = and i32 %270, 2048 %272 = icmp eq i32 %271, 0 br i1 %272, label %273, label %484 %274 = call i32 @_cond_resched() #69 %275 = load volatile i64, i64* %185, align 8 %276 = and i64 %275, 1 %277 = icmp eq i64 %276, 0 %278 = add i64 %275, -1 %279 = inttoptr i64 %278 to %struct.page* %280 = select i1 %277, %struct.page* %53, %struct.page* %279, !prof !5 %281 = getelementptr inbounds %struct.page, %struct.page* %280, i64 0, i32 0 %282 = call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %281, i64 0, i64* %281) #6, !srcloc !6 %283 = and i8 %282, 1 %284 = icmp eq i8 %283, 0 br i1 %284, label %286, label %285 call void bitcast (void (%struct.page.100587*)* @__lock_page to void (%struct.page*)*)(%struct.page* %53) #69 br label %286 %287 = load volatile i64, i64* %185, align 8 %288 = and i64 %287, 1 %289 = icmp eq i64 %288, 0 %290 = add i64 %287, -1 %291 = inttoptr i64 %290 to %struct.page* %292 = select i1 %289, %struct.page* %53, %struct.page* %291, !prof !5 %293 = getelementptr inbounds %struct.page, %struct.page* %292, i64 0, i32 0 %294 = load volatile i64, i64* %293, align 8 %295 = and i64 %294, 16384 %296 = icmp eq i64 %295, 0 br i1 %296, label %310, label %297 br i1 %46, label %367, label %298 %299 = load volatile i64, i64* %185, align 8 %300 = and i64 %299, 1 %301 = icmp eq i64 %300, 0 %302 = add i64 %299, -1 %303 = inttoptr i64 %302 to %struct.page* %304 = select i1 %301, %struct.page* %53, %struct.page* %303, !prof !5 %305 = getelementptr inbounds %struct.page, %struct.page* %304, i64 0, i32 0 %306 = load volatile i64, i64* %305, align 8 %307 = and i64 %306, 16384 %308 = icmp eq i64 %307, 0 br i1 %308, label %310, label %309 call void bitcast (void (%struct.page.100587*, i32)* @wait_on_page_bit to void (%struct.page*, i32)*)(%struct.page* %53, i32 14) #69 Function:wait_on_page_bit %3 = ptrtoint %struct.page.100587* %0 to i64 %4 = mul i64 %3, 7046029254386353131 %5 = lshr i64 %4, 56 %6 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @page_wait_table, i64 0, i64 %5 %7 = tail call fastcc i32 @wait_on_page_bit_common(%struct.wait_queue_head* %6, %struct.page.100587* %0, i32 %1, i32 2, i1 zeroext false) #69 Function:wait_on_page_bit_common %6 = alloca %struct.wait_page_queue, align 8 %7 = alloca i64, align 8 
%8 = bitcast %struct.wait_page_queue* %6 to i8* %9 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2 %10 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 1 %12 = bitcast i8** %11 to %struct.task_struct.100571** store %struct.task_struct.100571* %10, %struct.task_struct.100571** %12, align 8 %13 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 2 %14 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3 %15 = ptrtoint %struct.list_head* %14 to i64 %16 = bitcast %struct.list_head* %14 to i64* store volatile i64 %15, i64* %16, align 8 %17 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 2, i32 3, i32 1 store %struct.list_head* %14, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 0 %19 = zext i1 %4 to i32 store i32 %19, i32* %18, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @wake_page_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %13, align 8 %20 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 0 store %struct.page.100587* %1, %struct.page.100587** %20, align 8 %21 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %6, i64 0, i32 1 store i32 %2, i32* %21, align 8 %22 = zext i32 %3 to i64 %23 = and i64 %22, 1 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1 %26 = getelementptr inbounds 
%struct.wait_queue_head, %struct.wait_queue_head* %0, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %28 = bitcast %struct.page.100587* %1 to i8* %29 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 1 %30 = bitcast %struct.wait_queue_head* %0 to i8* %31 = sext i32 %2 to i64 %32 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %1, i64 0, i32 0 %33 = and i64 %22, 257 %34 = icmp eq i64 %33, 0 %35 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 0, i32 0 %36 = icmp eq i64 %23, 0 %37 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %10, i64 0, i32 91, i32 1, i32 0, i64 0 %38 = bitcast i64* %7 to i8* br label %39 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %24) #69 %40 = load volatile i64, i64* %16, align 8 %41 = inttoptr i64 %40 to %struct.list_head* %42 = icmp eq %struct.list_head* %14, %41 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 store volatile i64 %22, i64* %7, align 8 %47 = load volatile i64, i64* %7, align 8 %48 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %47, i64* %29) #6, !srcloc !8 store volatile i64 %48, i64* %7, align 8 %49 = load volatile i64, i64* %7, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %30, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %50 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %31) #6, !srcloc !12 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53, !prof !13, !misexpect !6 call void @io_schedule() #69 
Function:io_schedule %1 = tail call %struct.task_struct.50485* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50485** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.50485**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 44 %3 = load i8, i8* %2, align 16 %4 = or i8 %3, 2 store i8 %4, i8* %2, align 16 %5 = getelementptr inbounds %struct.task_struct.50485, %struct.task_struct.50485* %1, i64 0, i32 110 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, null br i1 %7, label %9, label %8 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %6, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br 
label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void 
(%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load 
%struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { 
%struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, 
label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, 
%struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast 
%struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr 
inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 wakeup_flusher_threads 5 ksys_sync 6 __x64_sys_sync ------------- Path:  Function:__x64_sys_sync tail call void @ksys_sync() #69 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #69 Function:wakeup_flusher_threads %2 = tail call %struct.task_struct.100571* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.100571** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.100571**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.100571, %struct.task_struct.100571* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, null br i1 %5, label %25, label %6 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %4, i64 0, i32 0 %8 = bitcast %struct.blk_plug* %4 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %12, label %24 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %4, i64 0, i32 1 %14 = bitcast %struct.list_head* %13 to i64* %15 = load volatile i64, i64* %14, align 8 %16 = inttoptr 
i64 %15 to %struct.list_head* %17 = icmp eq %struct.list_head* %13, %16 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %4, i64 0, i32 2 %20 = bitcast %struct.list_head* %19 to i64* %21 = load volatile i64, i64* %20, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %19, %22 br i1 %23, label %25, label %24 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %4, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = 
load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast 
%struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = 
getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq 
%struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp 
eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = 
getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, 
%struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr 
%struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 
tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 __se_sys_madvise 9 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca %struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 
%17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* %44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 
0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = 
getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, label %124 i32 8, label %206 i32 4, label %206 ] %125 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %126 = load %struct.file.115359*, %struct.file.115359** %125, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %7, align 8 %127 = icmp eq %struct.file.115359* %126, null br i1 %127, label %128, label %133 %134 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %126, i64 0, i32 19 %135 = load %struct.address_space.115581*, %struct.address_space.115581** %134, align 8 %136 = call zeroext i1 bitcast (i1 (%struct.address_space.105049*)* @shmem_mapping to i1 (%struct.address_space.115581*)*)(%struct.address_space.115581* %135) #69 br i1 %136, label %137, label %191 %192 = load i64, i64* %78, align 8 %193 = sub i64 %85, %192 %194 = lshr i64 %193, 12 %195 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 13 %196 = load i64, i64* %195, align 8 %197 = add i64 %194, %196 %198 = load i64, i64* %86, align 8 %199 = icmp ult i64 %198, %89 %200 = select i1 %199, i64 %198, i64 %89 %201 = sub i64 %200, %192 %202 = lshr i64 %201, 12 %203 = load %struct.address_space.115581*, %struct.address_space.115581** %134, align 8 %204 = sub nsw i64 %202, %194 %205 = call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.115581*, %struct.file.115359*, i64, i64)*)(%struct.address_space.115581* %203, %struct.file.115359* nonnull %126, i64 %197, i64 %204) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = 
load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 
@__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 
%16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, 
%struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq 
i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = 
load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull 
@plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, 
i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast 
(void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, 
align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 
= bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, 
label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br 
i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 __se_sys_madvise 9 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mm_walk.115686, align 8 %5 = alloca 
%struct.mmu_gather.115688, align 8 %6 = alloca %struct.mm_walk.115686, align 8 %7 = alloca %struct.vm_area_struct.115591*, align 8 %8 = alloca %struct.blk_plug, align 8 %9 = trunc i64 %2 to i32 %10 = bitcast %struct.vm_area_struct.115591** %7 to i8* %11 = bitcast %struct.blk_plug* %8 to i8* switch i32 %9, label %381 [ i32 11, label %12 i32 10, label %12 i32 0, label %12 i32 2, label %12 i32 1, label %12 i32 9, label %12 i32 3, label %12 i32 4, label %12 i32 8, label %12 i32 16, label %12 i32 17, label %12 i32 18, label %12 i32 19, label %12 ] %13 = and i64 %0, 4095 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %381 %16 = add i64 %1, 4095 %17 = and i64 %16, -4096 %18 = icmp eq i64 %1, 0 %19 = icmp ne i64 %17, 0 %20 = or i1 %18, %19 br i1 %20, label %21, label %381 %22 = add i64 %17, %0 %23 = icmp ult i64 %22, %0 br i1 %23, label %381, label %24 %25 = icmp eq i64 %17, 0 br i1 %25, label %381, label %26 %27 = add i32 %9, -3 %28 = icmp ult i32 %27, 7 %29 = trunc i32 %27 to i7 %30 = lshr i7 -29, %29 %31 = and i7 %30, 1 %32 = icmp ne i7 %31, 0 %33 = and i1 %28, %32 %34 = tail call %struct.task_struct.115685* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115685** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.115685**)) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct.115685, %struct.task_struct.115685* %34, i64 0, i32 32 %36 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %37 = getelementptr inbounds %struct.mm_struct.115604, %struct.mm_struct.115604* %36, i64 0, i32 0, i32 16 br i1 %33, label %41, label %38 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.115271*)*)(%struct.rw_semaphore.115271* %37) #69 br label %42 %43 = load %struct.mm_struct.115604*, %struct.mm_struct.115604** %35, align 32 %44 = call %struct.vm_area_struct.115591* bitcast (%struct.vm_area_struct.111354* (%struct.mm_struct.111386*, 
i64, %struct.vm_area_struct.111354**)* @find_vma_prev to %struct.vm_area_struct.115591* (%struct.mm_struct.115604*, i64, %struct.vm_area_struct.115591**)*)(%struct.mm_struct.115604* %43, i64 %0, %struct.vm_area_struct.115591** nonnull %7) #69 %45 = icmp eq %struct.vm_area_struct.115591* %44, null br i1 %45, label %51, label %46 %47 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %44, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = icmp ult i64 %48, %0 br i1 %49, label %50, label %52 store %struct.vm_area_struct.115591* %44, %struct.vm_area_struct.115591** %7, align 8 br label %52 call void @blk_start_plug(%struct.blk_plug* nonnull %8) #69 %53 = bitcast %struct.mmu_gather.115688* %5 to i8* %54 = bitcast %struct.mm_walk.115686* %4 to i8* %55 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 0 %56 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 1 %57 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 2 %58 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 6 %59 = bitcast i32 (%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %57 to i8* %60 = bitcast %struct.mm_struct.115604** %58 to i64* %61 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 7 %62 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %4, i64 0, i32 8 %63 = bitcast i8** %62 to %struct.mmu_gather.115688** %64 = bitcast %struct.mm_walk.115686* %6 to i8* %65 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 0 %66 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 1 %67 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 2 %68 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 6 %69 = bitcast i32 
(%struct.anon.1*, i64, i64, %struct.mm_walk.115686*)** %67 to i8* %70 = bitcast %struct.mm_struct.115604** %68 to i64* %71 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 7 %72 = getelementptr inbounds %struct.mm_walk.115686, %struct.mm_walk.115686* %6, i64 0, i32 8 %73 = bitcast i8** %72 to %struct.vm_area_struct.115591** br label %74 %75 = phi i64 [ %0, %52 ], [ %370, %369 ] %76 = phi i32 [ 0, %52 ], [ %84, %369 ] %77 = phi %struct.vm_area_struct.115591* [ %44, %52 ], [ %371, %369 ] %78 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 0 %79 = load i64, i64* %78, align 8 %80 = icmp ult i64 %75, %79 br i1 %80, label %81, label %83 %82 = icmp ult i64 %79, %22 br i1 %82, label %83, label %373 %84 = phi i32 [ -12, %81 ], [ %76, %74 ] %85 = phi i64 [ %79, %81 ], [ %75, %74 ] %86 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp ult i64 %22, %87 %89 = select i1 %88, i64 %22, i64 %87 switch i32 %9, label %262 [ i32 9, label %90 i32 3, label %124 i32 8, label %206 i32 4, label %206 ] %125 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 14 %126 = load %struct.file.115359*, %struct.file.115359** %125, align 8 store %struct.vm_area_struct.115591* %77, %struct.vm_area_struct.115591** %7, align 8 %127 = icmp eq %struct.file.115359* %126, null br i1 %127, label %128, label %133 %134 = getelementptr inbounds %struct.file.115359, %struct.file.115359* %126, i64 0, i32 19 %135 = load %struct.address_space.115581*, %struct.address_space.115581** %134, align 8 %136 = call zeroext i1 bitcast (i1 (%struct.address_space.105049*)* @shmem_mapping to i1 (%struct.address_space.115581*)*)(%struct.address_space.115581* %135) #69 br i1 %136, label %137, label %191 %192 = load i64, i64* %78, align 8 %193 = sub i64 %85, %192 %194 = lshr i64 %193, 12 
%195 = getelementptr inbounds %struct.vm_area_struct.115591, %struct.vm_area_struct.115591* %77, i64 0, i32 13 %196 = load i64, i64* %195, align 8 %197 = add i64 %194, %196 %198 = load i64, i64* %86, align 8 %199 = icmp ult i64 %198, %89 %200 = select i1 %199, i64 %198, i64 %89 %201 = sub i64 %200, %192 %202 = lshr i64 %201, 12 %203 = load %struct.address_space.115581*, %struct.address_space.115581** %134, align 8 %204 = sub nsw i64 %202, %194 %205 = call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.115581*, %struct.file.115359*, i64, i64)*)(%struct.address_space.115581* %203, %struct.file.115359* nonnull %126, i64 %197, i64 %204) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, 
%struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, 
label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast 
i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, 
!srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, 
align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = 
getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to 
i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 
8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = 
load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 
%88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 
%10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, 
align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 
= getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, 
%struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 __ia32_sys_fadvise64 ------------- Path:  Function:__ia32_sys_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.101895* %14 = icmp eq i64 %12, 0 br i1 %14, label %23, label %15 %16 = and i64 %7, 4294967295 %17 = and i64 %5, 4294967295 %18 = trunc i64 %9 to i32 %19 = tail call i32 @vfs_fadvise(%struct.file.101895* nonnull %13, i64 %17, i64 %16, i32 %18) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds 
%struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = 
add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds 
%struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, 
label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 
= phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca 
%struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, 
i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = 
bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, 
label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* 
%49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, 
%struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store 
volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, 
!misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = 
getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast 
%struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 __x64_sys_fadvise64 ------------- Path:  
Function:__x64_sys_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.101895* %14 = icmp eq i64 %12, 0 br i1 %14, label %21, label %15 %16 = trunc i64 %9 to i32 %17 = tail call i32 @vfs_fadvise(%struct.file.101895* nonnull %13, i64 %5, i64 %7, i32 %16) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 
%25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds 
%struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 
%45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call 
%struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds 
%struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 
%35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, 
i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, 
%struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 
to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 
tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, 
%struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to 
i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* 
%64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* 
%141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 __ia32_sys_fadvise64_64 ------------- Path:  Function:__ia32_sys_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, 
align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.101895* %14 = icmp eq i64 %12, 0 br i1 %14, label %23, label %15 %16 = and i64 %7, 4294967295 %17 = and i64 %5, 4294967295 %18 = trunc i64 %9 to i32 %19 = tail call i32 @vfs_fadvise(%struct.file.101895* nonnull %13, i64 %17, i64 %16, i32 %18) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load 
%struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* 
%0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = 
bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, 
%struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, 
i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, 
%struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* 
%13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr 
(i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 
] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 
Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, 
%struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load 
%struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = 
getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, 
label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 __x64_sys_fadvise64_64 ------------- Path:  Function:__x64_sys_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.101895* %14 = icmp eq i64 %12, 0 br i1 %14, label %21, label %15 %16 = trunc i64 %9 to i32 %17 = tail call i32 @vfs_fadvise(%struct.file.101895* nonnull %13, i64 %5, i64 %7, i32 %16) #69 Function:vfs_fadvise %5 = 
getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* 
%32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 
(%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, 
%struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, 
%struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 
1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = 
add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, 
align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call 
void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 
8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 
()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ 
%9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load 
%struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) 
#70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, 
%struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, 
align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* 
%1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 ksys_fadvise64_64 10 __ia32_compat_sys_x86_fadvise64_64 ------------- Path:  Function:__ia32_compat_sys_x86_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %15 to i32 %18 = shl i64 %8, 32 %19 = or i64 %18, %6 %20 = shl i64 %13, 32 %21 = or i64 %20, %11 %22 = tail call i32 @ksys_fadvise64_64(i32 %16, i64 %19, i64 %21, i32 %17) #69 Function:ksys_fadvise64_64 %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.101895* %8 = icmp eq i64 %6, 0 br i1 %8, label %14, label %9 %10 = tail call i32 
@vfs_fadvise(%struct.file.101895* nonnull %7, i64 %1, i64 %2, i32 %3) #70 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label 
%35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, 
%struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* 
%6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, 
%struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label 
%15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc 
!5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = 
bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load 
void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 
%82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, 
%struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds 
%struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 
@blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint 
%struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, 
i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 ksys_fadvise64_64 10 __ia32_compat_sys_x86_fadvise64 ------------- Path:  Function:__ia32_compat_sys_x86_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %13 to i32 %16 = shl i64 %8, 32 %17 = or i64 %16, %6 %18 = tail call i32 @ksys_fadvise64_64(i32 %14, i64 %17, i64 %11, i32 %15) #69 Function:ksys_fadvise64_64 %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.101895* %8 = icmp eq i64 %6, 0 br i1 %8, label %14, label %9 %10 = tail call i32 @vfs_fadvise(%struct.file.101895* nonnull %7, i64 %1, i64 %2, i32 %3) #70 
Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, 
%struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 
= icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, 
%struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, 
%struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 
1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = 
add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, 
align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call 
void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 
8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 
()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ 
%9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load 
%struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) 
#70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, 
%struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, 
align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* 
%1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69
-------------
Use: =BAD PATH=
Call Stack:
0 blk_flush_complete_seq
1 blk_insert_flush
2 __elv_add_request
3 blk_flush_plug_list
4 blk_finish_plug
5 read_pages
6 __do_page_cache_readahead
7 force_page_cache_readahead
8 vfs_fadvise
9 __ia32_sys_readahead
-------------
Path:
Function:__ia32_sys_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.100641* %14 = icmp eq i64 %12, 0 br i1 %14, label %38, label %15 %16 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %13, i64 0, i32 8 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %38, label %20 %21 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %13, i64 0, i32 19 %22 = load %struct.address_space.100583*, %struct.address_space.100583** %21, align 8 %23 = icmp eq %struct.address_space.100583* %22, null br i1 %23, label %38, label %24 %25 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %22, i64 0, i32 8 %26 = load %struct.address_space_operations.100582*, 
%struct.address_space_operations.100582** %25, align 8 %27 = icmp eq %struct.address_space_operations.100582* %26, null br i1 %27, label %38, label %28 %29 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %13, i64 0, i32 2 %30 = load %struct.inode.100633*, %struct.inode.100633** %29, align 8 %31 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %30, i64 0, i32 0 %32 = load i16, i16* %31, align 8 %33 = and i16 %32, -4096 %34 = icmp eq i16 %33, -32768 br i1 %34, label %35, label %38 %36 = tail call i32 bitcast (i32 (%struct.file.101895*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.100641*, i64, i64, i32)*)(%struct.file.100641* nonnull %13, i64 %6, i64 %9, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr 
inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 
0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 
@__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 
%16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, 
%struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq 
i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = 
load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull 
@plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, 
i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast 
(void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, 
align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 
= bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, 
label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br 
i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 __do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 __x64_sys_readahead ------------- Path:  Function:__x64_sys_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = tail call i64 @__fdget(i32 %8) #69 %10 = and i64 %9, -4 %11 = inttoptr i64 %10 to %struct.file.100641* %12 = icmp eq i64 %10, 0 br 
i1 %12, label %36, label %13 %14 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %11, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %36, label %18 %19 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %11, i64 0, i32 19 %20 = load %struct.address_space.100583*, %struct.address_space.100583** %19, align 8 %21 = icmp eq %struct.address_space.100583* %20, null br i1 %21, label %36, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %20, i64 0, i32 8 %24 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %23, align 8 %25 = icmp eq %struct.address_space_operations.100582* %24, null br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %11, i64 0, i32 2 %28 = load %struct.inode.100633*, %struct.inode.100633** %27, align 8 %29 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %28, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %36 %34 = tail call i32 bitcast (i32 (%struct.file.101895*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.100641*, i64, i64, i32)*)(%struct.file.100641* nonnull %11, i64 %5, i64 %7, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, 
%struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, %struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, 
label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds 
%struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = 
phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 
0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 
%31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 
tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, 
i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br 
i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label 
%101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, 
align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, 
i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = 
load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile 
i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr 
i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 read_pages 6 
__do_page_cache_readahead 7 force_page_cache_readahead 8 vfs_fadvise 9 ksys_readahead 10 __ia32_compat_sys_x86_readahead ------------- Path:  Function:__ia32_compat_sys_x86_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = shl i64 %8, 32 %14 = or i64 %13, %6 %15 = tail call i64 @ksys_readahead(i32 %12, i64 %14, i64 %11) #69 Function:ksys_readahead %4 = tail call i64 @__fdget(i32 %0) #69 %5 = and i64 %4, -4 %6 = inttoptr i64 %5 to %struct.file.100641* %7 = icmp eq i64 %5, 0 br i1 %7, label %31, label %8 %9 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %6, i64 0, i32 8 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 1 %12 = icmp eq i32 %11, 0 br i1 %12, label %31, label %13 %14 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %6, i64 0, i32 19 %15 = load %struct.address_space.100583*, %struct.address_space.100583** %14, align 8 %16 = icmp eq %struct.address_space.100583* %15, null br i1 %16, label %31, label %17 %18 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %15, i64 0, i32 8 %19 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %18, align 8 %20 = icmp eq %struct.address_space_operations.100582* %19, null br i1 %20, label %31, label %21 %22 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %6, i64 0, i32 2 %23 = load %struct.inode.100633*, %struct.inode.100633** %22, align 8 %24 = getelementptr inbounds %struct.inode.100633, 
%struct.inode.100633* %23, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %28, label %31 %29 = tail call i32 bitcast (i32 (%struct.file.101895*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.100641*, i64, i64, i32)*)(%struct.file.100641* nonnull %6, i64 %1, i64 %2, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 3 %6 = load %struct.file_operations.101883*, %struct.file_operations.101883** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.101883, %struct.file_operations.101883* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.101895*, i64, i64, i32)** %9 = load i32 (%struct.file.101895*, i64, i64, i32)*, i32 (%struct.file.101895*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.101895*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 2 %15 = load %struct.inode.101887*, %struct.inode.101887** %14, align 8 %16 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %15, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, -4096 %19 = icmp eq i16 %18, 4096 br i1 %19, label %156, label %20 %21 = getelementptr inbounds %struct.file.101895, %struct.file.101895* %0, i64 0, i32 19 %22 = load %struct.address_space.101737*, %struct.address_space.101737** %21, align 8 %23 = icmp eq %struct.address_space.101737* %22, null %24 = icmp slt i64 %2, 0 %25 = or i1 %24, %23 br i1 %25, label %156, label %26 %27 = getelementptr inbounds %struct.address_space.101737, %struct.address_space.101737* %22, i64 0, i32 0 %28 = load %struct.inode.101887*, %struct.inode.101887** %27, align 8 %29 = icmp eq %struct.inode.101887* %28, null br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.inode.101887, %struct.inode.101887* %28, i64 0, i32 8 %32 = load %struct.super_block.101872*, 
%struct.super_block.101872** %31, align 8 %33 = load %struct.super_block.101872*, %struct.super_block.101872** bitcast (%struct.super_block.133679** @blockdev_superblock to %struct.super_block.101872**), align 8 %34 = icmp eq %struct.super_block.101872* %33, %32 br i1 %34, label %35, label %38 %39 = getelementptr inbounds %struct.super_block.101872, %struct.super_block.101872* %32, i64 0, i32 22 br label %40 %41 = phi %struct.backing_dev_info.101935** [ %37, %35 ], [ %39, %38 ] %42 = load %struct.backing_dev_info.101935*, %struct.backing_dev_info.101935** %41, align 8 %43 = icmp eq %struct.backing_dev_info.101935* %42, bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.101935*) br i1 %43, label %44, label %47 %48 = add i64 %2, %1 %49 = icmp eq i64 %2, 0 %50 = icmp slt i64 %48, %2 %51 = or i1 %49, %50 %52 = add i64 %48, -1 %53 = select i1 %51, i64 -1, i64 %52 switch i32 %3, label %156 [ i32 0, label %54 i32 1, label %65 i32 2, label %72 i32 3, label %84 i32 5, label %155 i32 4, label %92 ] %85 = ashr i64 %1, 12 %86 = ashr i64 %53, 12 %87 = sub nsw i64 %86, %85 %88 = add nsw i64 %87, 1 %89 = icmp eq i64 %88, 0 %90 = select i1 %89, i64 -1, i64 %88 %91 = tail call i32 bitcast (i32 (%struct.address_space.100583*, %struct.file.100641*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.101737*, %struct.file.101895*, i64, i64)*)(%struct.address_space.101737* nonnull %22, %struct.file.101895* %0, i64 %85, i64 %90) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %6 = load %struct.inode.100633*, %struct.inode.100633** %5, align 8 %7 = icmp eq %struct.inode.100633* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.100513* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %23 = load 
%struct.address_space_operations.100582*, %struct.address_space_operations.100582** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 1 %25 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %24, align 8 %26 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %23, i64 0, i32 4 %29 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.100513, %struct.backing_dev_info.100513* %21, i64 0, i32 2 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.100583* %0, %struct.file.100641* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 0 %8 = load %struct.inode.100633*, %struct.inode.100633** %7, align 8 %9 = bitcast %struct.list_head* %6 
to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 11 %15 = load i32, i32* %14, align 4 %16 = or i32 %15, 4608 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i8* @radix_tree_lookup(%struct.radix_tree_root* %23, i64 %30) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.100587* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.100587* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.100587* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 2, i8* %56) #6, !srcloc !6 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.100583* %0, %struct.file.100641* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %0, i64 0, i32 8 %9 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %9, i64 0, i32 4 %11 = load i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)*, i32 (%struct.file.100641*, 
%struct.address_space.100583*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.100641*, %struct.address_space.100583*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.100587* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.100587* %24, %struct.address_space.100583* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.100587* %50 = select i1 %47, %struct.page.100587* %24, %struct.page.100587* %49, !prof !4 %51 = getelementptr inbounds %struct.page.100587, %struct.page.100587* %50, i64 0, i32 3, 
i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, 
align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to 
%struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to 
i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void 
asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* 
%3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, 
align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq 
%struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 
0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store 
%struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, 
%struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 __se_sys_io_submit 6 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %62, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #69 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %62, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, 
%struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 16 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 call void @blk_start_plug(%struct.blk_plug* nonnull %4) #69 %17 = icmp sgt i64 %16, 0 br i1 %17, label %18, label %40 %19 = phi i64 [ %36, %34 ], [ 0, %11 ] %20 = phi i32 [ %35, %34 ], [ 0, %11 ] %22 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %19 %23 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { %struct.iocb**, i64, i64 } %23, 0 %25 = extractvalue { %struct.iocb**, i64, i64 } %23, 2 %26 = ptrtoint %struct.iocb** %24 to i64 %27 = and i64 %26, 4294967295 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %40, !prof !4, !misexpect !5 %30 = extractvalue { %struct.iocb**, i64, i64 } %23, 1 %31 = inttoptr i64 %30 to %struct.iocb* %32 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %31, i1 zeroext false) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %38 %35 = add i32 %20, 1 %36 = sext i32 %35 to i64 %37 = icmp sgt i64 %16, %36 br i1 %37, label %18, label %40 %41 = phi i32 [ %20, %38 ], [ 0, %11 ], [ %35, %34 ], [ %20, %18 ] %42 = phi i64 [ %19, %38 ], [ 0, %11 ], [ %36, %34 ], [ %19, %18 ] %43 = phi i64 [ %39, %38 ], [ 0, %11 ], [ 0, %34 ], [ -14, %18 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call 
void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, 
align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, 
label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label 
%102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = 
getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds 
%struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, 
i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = 
load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile 
i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr 
i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 __se_sys_io_submit 6 
__x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %62, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #69 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %62, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 16 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 call void @blk_start_plug(%struct.blk_plug* nonnull %4) #69 %17 = icmp sgt i64 %16, 0 br i1 %17, label %18, label %40 %19 = phi i64 [ %36, %34 ], [ 0, %11 ] %20 = phi i32 [ %35, %34 ], [ 0, %11 ] %22 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %19 %23 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { %struct.iocb**, i64, i64 } %23, 0 %25 = extractvalue { %struct.iocb**, i64, i64 } %23, 2 %26 = ptrtoint %struct.iocb** %24 to i64 %27 = and i64 %26, 4294967295 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %40, !prof !4, !misexpect !5 %30 = extractvalue { %struct.iocb**, i64, i64 } %23, 1 %31 = inttoptr i64 %30 to %struct.iocb* %32 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %31, i1 zeroext false) #69 %33 = icmp eq i32 
%32, 0 br i1 %33, label %34, label %38 %35 = add i32 %20, 1 %36 = sext i32 %35 to i64 %37 = icmp sgt i64 %16, %36 br i1 %37, label %18, label %40 %41 = phi i32 [ %20, %38 ], [ 0, %11 ], [ %35, %34 ], [ %20, %18 ] %42 = phi i64 [ %19, %38 ], [ 0, %11 ], [ %36, %34 ], [ %19, %18 ] %43 = phi i64 [ %39, %38 ], [ 0, %11 ], [ 0, %34 ], [ -14, %18 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq 
%struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast 
i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, %struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 
0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 %2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = 
load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 
2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, 
null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load 
%struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq %struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, 
%struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label %136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, 
i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 __elv_add_request 3 blk_flush_plug_list 4 blk_finish_plug 5 __ia32_compat_sys_io_submit ------------- Path:  Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %72, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #69 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %72, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 16 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 call void 
@blk_start_plug(%struct.blk_plug* nonnull %2) #69 %23 = icmp sgt i32 %22, 0 br i1 %23, label %24, label %50 %25 = zext i32 %22 to i64 br label %26 %27 = phi i64 [ 0, %24 ], [ %43, %42 ] %29 = getelementptr i32, i32* %11, i64 %27 %30 = call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i64, i64 } %30, 0 %32 = extractvalue { i32*, i64, i64 } %30, 2 %33 = ptrtoint i32* %31 to i64 %34 = and i64 %33, 4294967295 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %48, !prof !4, !misexpect !5 %37 = extractvalue { i32*, i64, i64 } %30, 1 %38 = and i64 %37, 4294967295 %39 = inttoptr i64 %38 to %struct.iocb* %40 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %39, i1 zeroext true) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %45 %43 = add nuw nsw i64 %27, 1 %44 = icmp eq i64 %43, %25 br i1 %44, label %50, label %26 %51 = phi i32 [ %46, %45 ], [ 0, %18 ], [ %49, %48 ], [ %22, %42 ] %52 = phi i64 [ %47, %45 ], [ 0, %18 ], [ -14, %48 ], [ 0, %42 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %2) #69 Function:blk_finish_plug %2 = tail call %struct.task_struct.251506* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251506** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.251506**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.251506, %struct.task_struct.251506* %2, i64 0, i32 110 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 16 %5 = icmp eq %struct.blk_plug* %4, %0 br i1 %5, label %6, label %7 tail call void @blk_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %4 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 
store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %3 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr 
i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318605824 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext %1) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %3, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %53 = bitcast %struct.list_head* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 %59 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %60 = bitcast %struct.blk_plug* %0 to i64* %61 = load volatile i64, i64* %60, align 8 %62 = inttoptr i64 %61 to %struct.list_head* %63 = icmp eq %struct.list_head* %59, %62 br i1 %63, label %137, 
label %64 %65 = load volatile i64, i64* %60, align 8 %66 = inttoptr i64 %65 to %struct.list_head* %67 = icmp eq %struct.list_head* %59, %66 br i1 %67, label %76, label %68 call void @list_sort(i8* null, %struct.list_head* nonnull %4, i32 (i8*, %struct.list_head*, %struct.list_head*)* nonnull @plug_rq_cmp) #69 %77 = bitcast %struct.list_head* %4 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %4, %79 br i1 %80, label %137, label %81 %82 = phi i64 [ %123, %121 ], [ %78, %76 ] %83 = phi %struct.request_queue.251458* [ %115, %121 ], [ null, %76 ] %84 = phi i32 [ %122, %121 ], [ 0, %76 ] %85 = inttoptr i64 %82 to i8* %86 = getelementptr i8, i8* %85, i64 -64 %87 = bitcast i8* %86 to %struct.request.251405* %88 = getelementptr inbounds i8, i8* %85, i64 8 %89 = bitcast i8* %88 to %struct.list_head** %90 = load %struct.list_head*, %struct.list_head** %89, align 8 %91 = inttoptr i64 %82 to %struct.list_head** %92 = load %struct.list_head*, %struct.list_head** %91, align 8 %93 = getelementptr inbounds %struct.list_head, %struct.list_head* %92, i64 0, i32 1 store %struct.list_head* %90, %struct.list_head** %93, align 8 %94 = ptrtoint %struct.list_head* %92 to i64 %95 = bitcast %struct.list_head* %90 to i64* store volatile i64 %94, i64* %95, align 8 %96 = inttoptr i64 %82 to i64* store volatile i64 %82, i64* %96, align 8 %97 = bitcast i8* %88 to i8** store i8* %85, i8** %97, align 8 %98 = bitcast i8* %86 to %struct.request_queue.251458** %99 = load %struct.request_queue.251458*, %struct.request_queue.251458** %98, align 8 %100 = icmp eq %struct.request_queue.251458* %99, null br i1 %100, label %101, label %102, !prof !4, !misexpect !5 %103 = icmp eq %struct.request_queue.251458* %99, %83 br i1 %103, label %113, label %104 %114 = phi i32 [ 0, %108 ], [ %84, %102 ] %115 = phi %struct.request_queue.251458* [ %109, %108 ], [ %83, %102 ] %116 = getelementptr inbounds %struct.request_queue.251458, 
%struct.request_queue.251458* %115, i64 0, i32 32 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 4 %119 = icmp eq i64 %118, 0 br i1 %119, label %126, label %120, !prof !8, !misexpect !5 %127 = getelementptr i8, i8* %85, i64 -44 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = and i32 %129, 393216 %131 = icmp eq i32 %130, 0 %132 = select i1 %131, i32 6, i32 5 call void bitcast (void (%struct.request_queue.251033*, %struct.request.250979*, i32)* @__elv_add_request to void (%struct.request_queue.251458*, %struct.request.251405*, i32)*)(%struct.request_queue.251458* %115, %struct.request.251405* %87, i32 %132) #69 Function:__elv_add_request callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_rq_insert to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__elv_add_request, %4)) #6 to label %26 [label %4], !srcloc !4 %27 = getelementptr inbounds %struct.request_queue.251033, %struct.request_queue.251033* %0, i64 0, i32 40 %28 = load %struct.device.250966*, %struct.device.250966** %27, align 8 %29 = icmp eq %struct.device.250966* %28, null br i1 %29, label %47, label %30 %48 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 0 store %struct.request_queue.251033* %0, %struct.request_queue.251033** %48, align 8 %49 = getelementptr inbounds %struct.request.250979, %struct.request.250979* %1, i64 0, i32 4 %50 = load i32, i32* %49, align 8 %51 = and i32 %50, 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %68, label %53 %69 = and i32 %50, 4096 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %72 switch i32 
%2, label %207 [ i32 4, label %77 i32 1, label %77 i32 2, label %73 i32 6, label %136 i32 3, label %138 i32 5, label %75 ] %76 = load i32, i32* %49, align 8 br label %204 %205 = phi i32 [ %76, %75 ], [ %50, %71 ] %206 = or i32 %205, 8 store i32 %206, i32* %49, align 8 tail call void bitcast (void (%struct.request.252563*)* @blk_insert_flush to void (%struct.request.250979*)*)(%struct.request.250979* %1) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %3 = load %struct.request_queue.252600*, %struct.request_queue.252600** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 32 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 6 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 1048576 %11 = icmp eq i64 %10, 0 br i1 %11, label %24, label %12 %25 = phi i32 [ %23, %20 ], [ %17, %12 ], [ %9, %1 ] %26 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 20 %27 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %28 = icmp eq %struct.blk_mq_ops.252589* %27, null br i1 %28, label %45, label %29 %30 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 1 %31 = load %struct.blk_mq_ctx.252556*, %struct.blk_mq_ctx.252556** %30, align 8 %32 = getelementptr inbounds %struct.blk_mq_ctx.252556, %struct.blk_mq_ctx.252556* %31, i64 0, i32 1 %33 = load i32, i32* %32, align 64 %34 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 25 %35 = load %struct.blk_mq_hw_ctx.252576**, %struct.blk_mq_hw_ctx.252576*** %34, align 8 %36 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %3, i64 0, i32 21 %37 = load i32*, i32** %36, align 8 %38 = sext 
i32 %33 to i64 %39 = getelementptr i32, i32* %37, i64 %38 %40 = load i32, i32* %39, align 4 %41 = zext i32 %40 to i64 %42 = getelementptr %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %35, i64 %41 %43 = load %struct.blk_mq_hw_ctx.252576*, %struct.blk_mq_hw_ctx.252576** %42, align 8 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.252576, %struct.blk_mq_hw_ctx.252576* %43, i64 0, i32 8 br label %47 %48 = phi %struct.blk_flush_queue.252565** [ %44, %29 ], [ %46, %45 ] %49 = load %struct.blk_flush_queue.252565*, %struct.blk_flush_queue.252565** %48, align 8 %50 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %51 = load i32, i32* %50, align 4 %52 = and i64 %5, 2097152 %53 = icmp eq i64 %52, 0 %54 = select i1 %53, i32 -395265, i32 -264193 %55 = and i32 %51, %54 %56 = or i32 %55, 2048 store i32 %56, i32* %50, align 4 %57 = icmp eq i32 %25, 0 br i1 %57, label %58, label %64 %65 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 9 %66 = load %struct.bio.252760*, %struct.bio.252760** %65, align 8 %67 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 10 %68 = load %struct.bio.252760*, %struct.bio.252760** %67, align 8 %69 = icmp eq %struct.bio.252760* %66, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = and i32 %25, 7 %73 = icmp eq i32 %72, 2 br i1 %73, label %74, label %87 %88 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0 %89 = bitcast %struct.anon.69.252559* %88 to i8* %90 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %91 = ptrtoint %struct.list_head* %90 to i64 %92 = bitcast %struct.list_head* %90 to i64* store volatile i64 %91, i64* %92, align 8 %93 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %90, %struct.list_head** 
%93, align 8 %94 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 4 %95 = load i32, i32* %94, align 8 %96 = or i32 %95, 16 store i32 %96, i32* %94, align 8 %97 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 30 %98 = bitcast void (%struct.request.252563*, i8)** %97 to i64* %99 = load i64, i64* %98, align 8 %100 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 2 %101 = bitcast void (%struct.request.252563*, i8)** %100 to i64* store i64 %99, i64* %101, align 8 %102 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %26, align 8 %103 = icmp eq %struct.blk_mq_ops.252589* %102, null br i1 %103, label %110, label %104 store void (%struct.request.252563*, i8)* @flush_data_end_io, void (%struct.request.252563*, i8)** %97, align 8 %111 = xor i32 %72, 7 %112 = tail call fastcc zeroext i1 @blk_flush_complete_seq(%struct.request.252563* %0, %struct.blk_flush_queue.252565* %49, i32 %111, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 0 %6 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 4 %22 = 
icmp eq i8 %3, 0 br i1 %22, label %23, label %79, !prof !4, !misexpect !8 %24 = zext i32 %19 to i64 %25 = xor i64 %24, -1 %26 = tail call i64 asm "rep; bsf $1,$0", "=r,r,~{dirflag},~{fpsr},~{flags}"(i64 %25) #10, !srcloc !9 %27 = trunc i64 %26 to i32 %28 = shl nuw i32 1, %27 switch i32 %28, label %115 [ i32 1, label %29 i32 4, label %29 i32 2, label %50 i32 8, label %79 ] %51 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1 %52 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %53 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %54 = load %struct.list_head*, %struct.list_head** %53, align 8 %55 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %56 = load %struct.list_head*, %struct.list_head** %55, align 8 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 0, i32 1 store %struct.list_head* %54, %struct.list_head** %57, align 8 %58 = ptrtoint %struct.list_head* %56 to i64 %59 = bitcast %struct.list_head* %54 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 store %struct.list_head* %51, %struct.list_head** %60, align 8 store %struct.list_head* %52, %struct.list_head** %55, align 8 store %struct.list_head* %61, %struct.list_head** %53, align 8 %62 = ptrtoint %struct.list_head* %51 to i64 %63 = bitcast %struct.list_head* %61 to i64* store volatile i64 %62, i64* %63, align 8 %64 = load %struct.request_queue.252600*, %struct.request_queue.252600** %5, align 8 %65 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 20 %66 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %65, align 8 %67 = icmp eq 
%struct.blk_mq_ops.252589* %66, null br i1 %67, label %69, label %68 %70 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11 %71 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0 %72 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %64, i64 0, i32 0, i32 0 %73 = load %struct.list_head*, %struct.list_head** %72, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %74, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store %struct.list_head* %73, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.request.252563, %struct.request.252563* %0, i64 0, i32 11, i32 1 store %struct.list_head* %71, %struct.list_head** %76, align 8 %77 = ptrtoint %struct.list_head* %70 to i64 %78 = bitcast %struct.request_queue.252600* %64 to i64* store volatile i64 %77, i64* %78, align 8 br label %116 %117 = phi i32 [ 0, %113 ], [ 0, %114 ], [ 0, %37 ], [ 0, %68 ], [ 1, %69 ] %118 = load i8, i8* %7, align 8 %119 = lshr i8 %118, 1 %120 = and i8 %119, 1 %121 = zext i8 %120 to i64 %122 = getelementptr %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 3, i64 %121 %123 = bitcast %struct.list_head* %122 to i8** %124 = load i8*, i8** %123, align 8 %125 = getelementptr i8, i8* %124, i64 -128 %126 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 5 %127 = load %struct.request.252563*, %struct.request.252563** %126, align 8 %128 = lshr i8 %118, 2 %129 = and i8 %128, 1 %130 = icmp eq i8 %120, %129 br i1 %130, label %131, label %232 %132 = bitcast %struct.list_head* %122 to i64* %133 = load volatile i64, i64* %132, align 8 %134 = inttoptr i64 %133 to %struct.list_head* %135 = icmp eq %struct.list_head* %122, %134 br i1 %135, label %232, label 
%136 %137 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 4 %138 = bitcast %struct.list_head* %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.list_head* %141 = icmp eq %struct.list_head* %137, %140 br i1 %141, label %157, label %142 %143 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 20 %144 = load %struct.blk_mq_ops.252589*, %struct.blk_mq_ops.252589** %143, align 8 %145 = icmp eq %struct.blk_mq_ops.252589* %144, null br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.request_queue.252600, %struct.request_queue.252600* %6, i64 0, i32 2 %148 = load %struct.elevator_queue.252583*, %struct.elevator_queue.252583** %147, align 8 %149 = icmp eq %struct.elevator_queue.252583* %148, null br i1 %149, label %150, label %157 %151 = load volatile i64, i64* @jiffies, align 64 %152 = getelementptr inbounds %struct.blk_flush_queue.252565, %struct.blk_flush_queue.252565* %1, i64 0, i32 2 %153 = load i64, i64* %152, align 8 %154 = add i64 %151, -5000 %155 = sub i64 %154, %153 %156 = icmp slt i64 %155, 0 br i1 %156, label %232, label %157 %158 = xor i8 %118, 2 store i8 %158, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.251458*, %struct.request.251405*)* @blk_rq_init to void (%struct.request_queue.252600*, %struct.request.252563*)*)(%struct.request_queue.252600* %6, %struct.request.252563* %127) #69 ------------- Good: 506 Bad: 36 Ignored: 757 Check Use of Function:lo_ioctl Use: =BAD PATH= Call Stack: 0 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, 
%struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:pci_user_read_config_word Check Use of Function:sd_pr_register Check Use of Function:bad_inode_atomic_open Check Use of Function:disk_part_iter_next Check Use of Function:sr_select_speed Check Use of Function:add_partition Check Use of Function:sd_pr_reserve Check Use of Function:set_device_ro Check Use of Function:sd_pr_release Check Use of Function:security_shm_associate Use: =BAD PATH= Call Stack: 0 ksys_shmget 1 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = alloca %struct.util_est, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %5 to i32 %19 = trunc i64 %7 to i32 %20 = trunc i64 %9 to i32 
%21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 %24 = lshr i32 %18, 16 %25 = trunc i64 %5 to i16 switch i16 %25, label %109 [ i16 1, label %26 i16 4, label %29 i16 2, label %34 i16 3, label %36 i16 11, label %51 i16 12, label %53 i16 13, label %76 i16 14, label %78 i16 21, label %81 i16 22, label %100 i16 23, label %103 i16 24, label %106 ] %104 = and i64 %9, 4294967295 %105 = tail call i64 @ksys_shmget(i32 %19, i64 %104, i32 %21) #69 Function:ksys_shmget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %6, i64 0, i32 85 %8 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %9, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %11, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %12, align 4 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2, i32 0 store i64 %1, i64* %13, align 8 %14 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %10, i64 0, i32 1, i64 2 %15 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %10, %struct.ipc_ids.224019* %14, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, 
%struct.ipc_params* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 to i8* %12 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %12, i64 0, i32 85 %14 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %6, i64* %19, align 8 %20 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %16, i64 0, i32 1, i64 2 %21 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, %struct.ipc_params*)*)(%struct.ipc_namespace.224021* %16, %struct.ipc_ids.224019* %20, 
%struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.224184* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.224184** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.224184**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.224184, %struct.task_struct.224184* %13, i64 0, i32 85 %15 = load %struct.nsproxy.224041*, %struct.nsproxy.224041** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.224041, %struct.nsproxy.224041* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.224021*, %struct.ipc_namespace.224021** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace.224021, %struct.ipc_namespace.224021* %17, i64 0, i32 1, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.224021*, %struct.ipc_ids.224019*, %struct.ipc_ops.224285*, 
%struct.ipc_params*)*)(%struct.ipc_namespace.224021* %17, %struct.ipc_ids.224019* %21, %struct.ipc_ops.224285* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:modify_user_hw_breakpoint_check Check Use of Function:track_pfn_insert Check Use of Function:hibernation_restore Check Use of Function:serport_ldisc_open Check Use of Function:pci_mmap_page_range Check Use of Function:ext4_trim_fs Check Use of Function:amd_set_subcaches Check Use of Function:ext4_discard_preallocations Check Use of Function:rtc_cmos_write Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %31 = zext i8 %30 to i32 %32 = shl nuw nsw i32 %31, 8 %33 = call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 %34 = zext i8 %33 to i32 %35 = or i32 %32, %34 %36 = icmp eq i32 %27, %35 br i1 %36, label %37, label %72 %38 = icmp eq i64 %14, 0 br i1 %38, label %39, label %42 %43 = phi i8* [ 
%51, %42 ], [ %6, %37 ] %44 = phi i32 [ %50, %42 ], [ %8, %37 ] %45 = phi i64 [ %46, %42 ], [ %14, %37 ] %46 = add nsw i64 %45, -1 %47 = load i8, i8* %43, align 1 %48 = trunc i32 %44 to i8 %49 = add i8 %48, 14 call void @rtc_cmos_write(i8 zeroext %47, i8 zeroext %49) #69 %50 = add i32 %44, 1 %51 = getelementptr i8, i8* %43, i64 1 %52 = icmp eq i64 %46, 0 br i1 %52, label %39, label %42 %40 = phi i32 [ %8, %37 ], [ %50, %42 ] %41 = phi i8* [ %6, %37 ], [ %51, %42 ] br label %53 %54 = phi i32 [ %62, %53 ], [ 0, %39 ] %55 = phi i32 [ %61, %53 ], [ 2, %39 ] %56 = trunc i32 %55 to i8 %57 = add i8 %56, 14 %58 = call zeroext i8 @rtc_cmos_read(i8 zeroext %57) #69 %59 = zext i8 %58 to i32 %60 = add nuw nsw i32 %54, %59 %61 = add nuw nsw i32 %55, 1 %62 = and i32 %60, 65535 %63 = icmp eq i32 %61, 32 br i1 %63, label %64, label %53 %65 = lshr i32 %60, 8 %66 = trunc i32 %65 to i8 call void @rtc_cmos_write(i8 zeroext %66, i8 zeroext 46) #69 %67 = trunc i32 %60 to i8 call void @rtc_cmos_write(i8 zeroext %67, i8 zeroext 47) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw 
nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %31 = zext i8 %30 to i32 %32 = shl nuw nsw i32 %31, 8 %33 = call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 %34 = zext i8 %33 to i32 %35 = or i32 %32, %34 %36 = icmp eq i32 %27, %35 br i1 %36, label %37, label %72 %38 = icmp eq i64 %14, 0 br i1 %38, label %39, label %42 %43 = phi i8* [ %51, %42 ], [ %6, %37 ] %44 = phi i32 [ %50, %42 ], [ %8, %37 ] %45 = phi i64 [ %46, %42 ], [ %14, %37 ] %46 = add nsw i64 %45, -1 %47 = load i8, i8* %43, align 1 %48 = trunc i32 %44 to i8 %49 = add i8 %48, 14 call void @rtc_cmos_write(i8 zeroext %47, i8 zeroext %49) #69 %50 = add i32 %44, 1 %51 = getelementptr i8, i8* %43, i64 1 %52 = icmp eq i64 %46, 0 br i1 %52, label %39, label %42 %40 = phi i32 [ %8, %37 ], [ %50, %42 ] %41 = phi i8* [ %6, %37 ], [ %51, %42 ] br label %53 %54 = phi i32 [ %62, %53 ], [ 0, %39 ] %55 = phi i32 [ %61, %53 ], [ 2, %39 ] %56 = trunc i32 %55 to i8 %57 = add i8 %56, 14 %58 = call zeroext i8 @rtc_cmos_read(i8 zeroext %57) #69 %59 = zext i8 %58 to i32 %60 = add nuw nsw i32 %54, %59 %61 = add nuw nsw i32 %55, 1 %62 = and i32 %60, 65535 %63 = icmp eq i32 %61, 32 br i1 %63, label %64, label %53 %65 = lshr i32 %60, 8 %66 = trunc i32 %65 to i8 call void @rtc_cmos_write(i8 zeroext %66, i8 zeroext 46) #69 ------------- Use: =BAD PATH= Call Stack: 0 nvram_write ------------- Path:  Function:nvram_write %5 = alloca [114 x i8], align 16 %6 = getelementptr inbounds [114 x i8], [114 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = icmp ugt i32 %8, 113 br i1 %9, label %73, label %10 %11 = sub i64 114, %7 %12 = and i64 %11, 4294967295 %13 = icmp ult i64 %12, %2 %14 = select i1 %13, i64 %12, i64 %2 %15 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %73 call void @_raw_spin_lock_irq(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rtc_lock, i64 0, i32 0, i32 0)) #69 br label %18 %19 = phi i32 [ 2, %17 ], [ %26, %18 ] %20 = phi i32 [ 0, %17 ], [ %27, %18 ] %21 = trunc i32 %19 to i8 %22 = add i8 %21, 14 %23 = call zeroext i8 @rtc_cmos_read(i8 zeroext %22) #69 %24 = zext i8 %23 to i32 %25 = add nuw nsw i32 %20, %24 %26 = add nuw nsw i32 %19, 1 %27 = and i32 %25, 65535 %28 = icmp eq i32 %26, 32 br i1 %28, label %29, label %18 %30 = call zeroext i8 @rtc_cmos_read(i8 zeroext 46) #69 %31 = zext i8 %30 to i32 %32 = shl nuw nsw i32 %31, 8 %33 = call zeroext i8 @rtc_cmos_read(i8 zeroext 47) #69 %34 = zext i8 %33 to i32 %35 = or i32 %32, %34 %36 = icmp eq i32 %27, %35 br i1 %36, label %37, label %72 %38 = icmp eq i64 %14, 0 br i1 %38, label %39, label %42 %43 = phi i8* [ %51, %42 ], [ %6, %37 ] %44 = phi i32 [ %50, %42 ], [ %8, %37 ] %45 = phi i64 [ %46, %42 ], [ %14, %37 ] %46 = add nsw i64 %45, -1 %47 = load i8, i8* %43, align 1 %48 = trunc i32 %44 to i8 %49 = add i8 %48, 14 call void @rtc_cmos_write(i8 zeroext %47, i8 zeroext %49) #69 ------------- Good: 81 Bad: 3 Ignored: 369 Check Use of Function:ext4_double_down_write_data_sem Check Use of Function:__mark_inode_dirty Use: =BAD PATH= Call Stack: 0 mark_buffer_dirty 1 ext4_commit_super 2 __ext4_error_inode 3 __ext4_ext_check 4 ext4_ext_precache 5 ext4_ioctl 6 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, 
%3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.163071* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, %struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 
i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to %struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 
Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 %25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, 
%struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 
], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds 
%struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** 
%10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, 
%struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 %126 = icmp eq i32 %1, 0 br i1 %126, label %134, label %127 %128 = tail call i32 @_cond_resched() #69 %129 = getelementptr inbounds %struct.buffer_head.166853, 
%struct.buffer_head.166853* %9, i64 0, i32 0 %130 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %129, i64 2, i64* %129) #6, !srcloc !4 %131 = and i8 %130, 1 %132 = icmp eq i8 %131, 0 br i1 %132, label %134, label %133 tail call void bitcast (void (%struct.buffer_head.133279*)* @__lock_buffer to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 br label %134 %135 = getelementptr %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %136 = load volatile i64, i64* %135, align 8 %137 = and i64 %136, 2048 %138 = icmp eq i64 %137, 0 br i1 %138, label %139, label %143 %140 = load volatile i64, i64* %135, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = and i64 %140, 1 %142 = icmp eq i64 %141, 0 br i1 %142, label %143, label %150 tail call void (%struct.super_block.166754*, i8*, i8*, ...) 
@__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33.17393, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.419, i64 0, i64 0)) #70 %144 = bitcast %struct.buffer_head.166853* %9 to i8* %145 = getelementptr i8, i8* %144, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %145, i8 -9, i8* %145) #6, !srcloc !6 %146 = load volatile i64, i64* %135, align 8 %147 = and i64 %146, 1 %148 = icmp eq i64 %147, 0 br i1 %148, label %149, label %150 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* nonnull %144, i8 1, i8* nonnull %144) #6, !srcloc !7 br label %150 tail call void bitcast (void (%struct.buffer_head.133279*)* @mark_buffer_dirty to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 Function:mark_buffer_dirty %2 = getelementptr %struct.buffer_head.133279, %struct.buffer_head.133279* %0, i64 0, i32 0 %3 = load volatile i64, i64* %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = and i64 %3, 1 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %7, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.15166, i64 0, i64 0), i32 1087, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", 
"i,~{dirflag},~{fpsr},~{flags}"(i32 190) #6, !srcloc !8 br label %7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_dirty_buffer to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@mark_buffer_dirty, %8)) #6 to label %30 [label %8], !srcloc !9 %31 = load volatile i64, i64* %2, align 8 %32 = and i64 %31, 2 %33 = icmp eq i64 %32, 0 br i1 %33, label %38, label %34 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %35 = load volatile i64, i64* %2, align 8 %36 = and i64 %35, 2 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %63 %39 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 1, i64* %2) #6, !srcloc !15 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %63 %43 = getelementptr inbounds %struct.buffer_head.133279, %struct.buffer_head.133279* %0, i64 0, i32 2 %44 = load %struct.page.133278*, %struct.page.133278** %43, align 8 %45 = getelementptr inbounds %struct.page.133278, %struct.page.133278* %44, i64 0, i32 1 %46 = bitcast %union.anon.133276* %45 to i64* %47 = load volatile i64, i64* %46, align 8 %48 = and i64 %47, 1 %49 = icmp eq i64 %48, 0 %50 = add i64 %47, -1 %51 = inttoptr i64 %50 to %struct.page.133278* %52 = select i1 %49, %struct.page.133278* %44, %struct.page.133278* %51, !prof !16 %53 = getelementptr inbounds %struct.page.133278, %struct.page.133278* %52, i64 0, i32 0 %54 
= tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 4, i64* %53) #6, !srcloc !15 %55 = and i8 %54, 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %57, label %63 %58 = tail call %struct.address_space.133274* bitcast (%struct.address_space* (%struct.page*)* @page_mapping to %struct.address_space.133274* (%struct.page.133278*)*)(%struct.page.133278* %44) #69 %59 = icmp eq %struct.address_space.133274* %58, null br i1 %59, label %63, label %60 tail call void @__set_page_dirty(%struct.page.133278* %44, %struct.address_space.133274* nonnull %58, i32 0) #70 %61 = getelementptr inbounds %struct.address_space.133274, %struct.address_space.133274* %58, i64 0, i32 0 %62 = load %struct.inode.133267*, %struct.inode.133267** %61, align 8 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.133267*, i32)*)(%struct.inode.133267* %62, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 mark_buffer_dirty 1 ext4_commit_super 2 __ext4_error_inode 3 __ext4_ext_check 4 ext4_ext_precache 5 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.anon.81.157862, align 8 %5 = alloca %struct.anon.81.157862, align 8 %6 = alloca %struct.anon.81.157862, align 8 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.anon.81.157862, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.ext4_iloc.163098, align 8 %13 = alloca [3 x %struct.dquot.162755*], align 16 %14 = alloca %struct.ext4_iloc.163098, align 8 %15 = alloca %struct.efi_memory_desc_t, align 8 %16 = alloca %struct.ext4_new_group_data, align 8 %17 = alloca i64, align 8 %18 = alloca %struct.task_cputime, align 8 %19 = alloca %struct.fsxattr, align 4 %20 = alloca %struct.fsxattr, align 4 %21 = getelementptr inbounds %struct.file.163071, 
%struct.file.163071* %0, i64 0, i32 2 %22 = load %struct.inode.163062*, %struct.inode.163062** %21, align 8 %23 = getelementptr inbounds %struct.inode.163062, %struct.inode.163062* %22, i64 0, i32 8 %24 = load %struct.super_block.163044*, %struct.super_block.163044** %23, align 8 %25 = getelementptr %struct.inode.163062, %struct.inode.163062* %22, i64 -1, i32 38 %26 = bitcast %struct.file_operations.163059** %25 to %struct.ext4_inode_info.163107* switch i32 %1, label %1021 [ i32 -1061136325, label %27 i32 -2146933247, label %31 i32 1074292226, label %40 i32 -2146933245, label %89 i32 -2146929151, label %89 i32 1074292228, label %95 i32 1074296322, label %95 i32 1074292231, label %171 i32 -1071094257, label %225 i32 1076389384, label %282 i32 26121, label %291 i32 26124, label %302 i32 26129, label %312 i32 1074292240, label %644 i32 -1072146311, label %725 i32 26130, label %769 i32 -2146671085, label %1022 i32 1074816532, label %1022 i32 1074554389, label %1022 i32 -2145626081, label %772 i32 1075599392, label %815 i32 -2147198851, label %1018 ] %770 = tail call i32 bitcast (i32 (%struct.inode.100633*)* @ext4_ext_precache to i32 (%struct.inode.163062*)*)(%struct.inode.163062* %22) #70 Function:ext4_ext_precache %2 = getelementptr %struct.inode.100633, %struct.inode.100633* %0, i64 -1, i32 38 %3 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 10 %4 = bitcast %struct.file_operations.100630** %3 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 524288 %7 = icmp eq i64 %6, 0 br i1 %7, label %109, label %8 %9 = getelementptr inbounds %struct.file_operations.100630*, %struct.file_operations.100630** %2, i64 19 %10 = bitcast %struct.file_operations.100630** %9 to %struct.rw_semaphore.100572* tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.100572*)*)(%struct.rw_semaphore.100572* %10) #69 %11 = bitcast %struct.file_operations.100630** %2 to 
%struct.ext4_extent_header* %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %11, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = add nuw nsw i32 %14, 1 %16 = zext i32 %15 to i64 %17 = tail call fastcc i8* @kcalloc.16705(i64 %16, i64 48) #70 %18 = bitcast i8* %17 to %struct.ext4_ext_path* %19 = icmp eq i8* %17, null br i1 %19, label %20, label %21 %22 = icmp eq i16 %13, 0 br i1 %22, label %91, label %23 %24 = getelementptr inbounds i8, i8* %17, i64 32 %25 = bitcast i8* %24 to %struct.file_operations.100630*** store %struct.file_operations.100630** %2, %struct.file_operations.100630*** %25, align 8 %26 = tail call fastcc i32 @__ext4_ext_check(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.ext4_ext_precache, i64 0, i64 0), i32 603, %struct.inode.100633* %0, %struct.ext4_extent_header* %11, i32 %14, i64 0) #70 Function:__ext4_ext_check %7 = alloca %struct.anon.87.159493, align 8 %8 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 0 %9 = load i16, i16* %8, align 4 %10 = icmp eq i16 %9, -3318 br i1 %10, label %11, label %220, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %13 = load i16, i16* %12, align 2 %14 = zext i16 %13 to i32 %15 = icmp eq i32 %14, %4 br i1 %15, label %16, label %220, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %18 = load i16, i16* %17, align 4 %19 = icmp eq i16 %18, 0 br i1 %19, label %220, label %20, !prof !6, !misexpect !5 %21 = getelementptr %struct.inode.100633, %struct.inode.100633* %2, i64 -1, i32 38 %22 = bitcast %struct.file_operations.100630** %21 to %struct.ext4_extent_header* %23 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %22, i64 0, i32 3 %24 = load i16, i16* %23, align 2 %25 = zext i16 %24 to i32 %26 = icmp eq i32 
%25, %4 br i1 %26, label %35, label %27 %36 = phi i32 [ 4, %20 ], [ %34, %27 ] %37 = zext i16 %18 to i32 %38 = icmp slt i32 %36, %37 br i1 %38, label %220, label %39, !prof !6, !misexpect !5 %40 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %41 = load i16, i16* %40, align 2 %42 = icmp ugt i16 %41, %18 br i1 %42, label %220, label %43, !prof !6, !misexpect !5 %44 = icmp eq i16 %41, 0 br i1 %44, label %145, label %45 %46 = icmp eq i32 %4, 0 %47 = getelementptr %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 1 br i1 %46, label %48, label %110 %111 = bitcast %struct.ext4_extent_header* %47 to %struct.bug_entry* br label %112 %113 = phi %struct.bug_entry* [ %142, %141 ], [ %111, %110 ] %114 = phi i32 [ %128, %141 ], [ 0, %110 ] %115 = phi i16 [ %143, %141 ], [ %41, %110 ] %116 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 1 %117 = load i32, i32* %116, align 4 %118 = zext i32 %117 to i64 %119 = getelementptr inbounds %struct.bug_entry, %struct.bug_entry* %113, i64 0, i32 2 %120 = load i16, i16* %119, align 4 %121 = zext i16 %120 to i64 %122 = shl nuw nsw i64 %121, 32 %123 = or i64 %122, %118 %124 = tail call i32 bitcast (i32 (%struct.inode.158233*, i64, i32)* @ext4_inode_block_valid to i32 (%struct.inode.100633*, i64, i32)*)(%struct.inode.100633* %2, i64 %123, i32 1) #69 %125 = icmp eq i32 %124, 0 br i1 %125, label %220, label %126 %221 = phi i64 [ %5, %16 ], [ %5, %35 ], [ %5, %39 ], [ %5, %145 ], [ %5, %217 ], [ %5, %11 ], [ %5, %6 ], [ %140, %132 ], [ %5, %88 ], [ %5, %72 ], [ %5, %57 ], [ %5, %112 ] %222 = phi i8* [ getelementptr inbounds ([15 x i8], [15 x i8]* @.str.10.16696, i64 0, i64 0), %16 ], [ getelementptr inbounds ([17 x i8], [17 x i8]* @.str.11.16697, i64 0, i64 0), %35 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.12.16698, i64 0, i64 0), %39 ], [ getelementptr inbounds ([19 x i8], [19 x i8]* @.str.14.16699, i64 0, i64 0), %145 ], [ 
getelementptr inbounds ([22 x i8], [22 x i8]* @.str.15.16700, i64 0, i64 0), %217 ], [ getelementptr inbounds ([20 x i8], [20 x i8]* @.str.9.16701, i64 0, i64 0), %11 ], [ getelementptr inbounds ([14 x i8], [14 x i8]* @.str.8.16702, i64 0, i64 0), %6 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %132 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %88 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %72 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %57 ], [ getelementptr inbounds ([23 x i8], [23 x i8]* @.str.13.16703, i64 0, i64 0), %112 ] %223 = phi i32 [ 0, %16 ], [ %36, %35 ], [ %36, %39 ], [ %36, %145 ], [ %36, %217 ], [ 0, %11 ], [ 0, %6 ], [ %36, %132 ], [ %36, %88 ], [ %36, %72 ], [ %36, %57 ], [ %36, %112 ] %224 = phi i32 [ -117, %16 ], [ -117, %35 ], [ -117, %39 ], [ -117, %145 ], [ -74, %217 ], [ -117, %11 ], [ -117, %6 ], [ -117, %132 ], [ -117, %88 ], [ -117, %72 ], [ -117, %57 ], [ -117, %112 ] %225 = load i16, i16* %8, align 4 %226 = zext i16 %225 to i32 %227 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 1 %228 = load i16, i16* %227, align 2 %229 = zext i16 %228 to i32 %230 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 2 %231 = load i16, i16* %230, align 4 %232 = zext i16 %231 to i32 %233 = getelementptr inbounds %struct.ext4_extent_header, %struct.ext4_extent_header* %3, i64 0, i32 3 %234 = load i16, i16* %233, align 2 %235 = zext i16 %234 to i32 call void (%struct.inode.100633*, i8*, i32, i64, i8*, ...) 
bitcast (void (%struct.inode.166778*, i8*, i32, i64, i8*, ...)* @__ext4_error_inode to void (%struct.inode.100633*, i8*, i32, i64, i8*, ...)*)(%struct.inode.100633* %2, i8* %0, i32 %1, i64 0, i8* getelementptr inbounds ([81 x i8], [81 x i8]* @.str.16.16704, i64 0, i64 0), i64 %221, i8* nonnull %222, i32 %226, i32 %229, i32 %232, i32 %223, i32 %235, i32 %4) #69 Function:__ext4_error_inode %6 = alloca [1 x %struct.__va_list_tag], align 16 %7 = alloca %struct.va_format, align 8 %8 = bitcast [1 x %struct.__va_list_tag]* %6 to i8* %9 = bitcast %struct.va_format* %7 to i8* %10 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 8 %11 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %11, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.ext4_sb_info.166893** %14 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %13, align 64 %15 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 15 %16 = load %struct.ext4_super_block*, %struct.ext4_super_block** %15, align 8 %17 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %14, i64 0, i32 48 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 2 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %81, !prof !4, !misexpect !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_error, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* 
blockaddress(@__ext4_error_inode, %22)) #6 to label %44 [label %22], !srcloc !6 %45 = getelementptr inbounds %struct.inode.166778, %struct.inode.166778* %0, i64 0, i32 11 %46 = load i64, i64* %45, align 8 %47 = trunc i64 %46 to i32 %48 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 76 store i32 %47, i32* %48, align 8 %49 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %16, i64 0, i32 78 store i64 %3, i64* %49, align 8 %50 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 %51 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %50, i64 0, i32 30 %52 = bitcast i8** %51 to %struct.ext4_sb_info.166893** %53 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %52, align 64 %54 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %53, i64 0, i32 112 %55 = tail call i32 @___ratelimit(%struct.ratelimit_state* %54, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.17414, i64 0, i64 0)) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %71, label %57 %72 = load %struct.super_block.166754*, %struct.super_block.166754** %10, align 8 call fastcc void @__save_error_info(%struct.super_block.166754* %72, i8* %1, i32 %2) #69 %73 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %72, i64 0, i32 21 %74 = load %struct.block_device.166667*, %struct.block_device.166667** %73, align 8 %75 = call i32 bitcast (i32 (%struct.block_device.258583*)* @bdev_read_only to i32 (%struct.block_device.166667*)*)(%struct.block_device.166667* %74) #69 %76 = icmp eq i32 %75, 0 br i1 %76, label %77, label %79 %78 = call fastcc i32 @ext4_commit_super(%struct.super_block.166754* %72, i32 1) #69 Function:ext4_commit_super %3 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.ext4_sb_info.166893** %5 = load 
%struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %6 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 15 %7 = load %struct.ext4_super_block*, %struct.ext4_super_block** %6, align 8 %8 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %5, i64 0, i32 14 %9 = load %struct.buffer_head.166853*, %struct.buffer_head.166853** %8, align 32 %10 = icmp eq %struct.buffer_head.166853* %9, null br i1 %10, label %168, label %11 %12 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 21 %13 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %14 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %13, i64 0, i32 2 %15 = load %struct.inode.166778*, %struct.inode.166778** %14, align 8 %16 = icmp eq %struct.inode.166778* %15, null br i1 %16, label %29, label %17 %30 = phi %struct.backing_dev_info.166653* [ %25, %22 ], [ %28, %26 ], [ bitcast (%struct.backing_dev_info.100513* @noop_backing_dev_info to %struct.backing_dev_info.166653*), %11 ] %31 = getelementptr inbounds %struct.backing_dev_info.166653, %struct.backing_dev_info.166653* %30, i64 0, i32 16 %32 = load %struct.device.166618*, %struct.device.166618** %31, align 8 %33 = icmp eq %struct.device.166618* %32, null br i1 %33, label %168, label %34 %35 = getelementptr inbounds %struct.super_block.166754, %struct.super_block.166754* %0, i64 0, i32 10 %36 = load i64, i64* %35, align 16 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %50 %51 = load %struct.block_device.166667*, %struct.block_device.166667** %12, align 8 %52 = getelementptr inbounds %struct.block_device.166667, %struct.block_device.166667* %51, i64 0, i32 13 %53 = load %struct.hd_struct.166621*, %struct.hd_struct.166621** %52, align 8 %54 = icmp eq %struct.hd_struct.166621* %53, null %55 = load %struct.ext4_sb_info.166893*, 
%struct.ext4_sb_info.166893** %4, align 64 %56 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %55, i64 0, i32 91 %57 = load i64, i64* %56, align 8 br i1 %54, label %90, label %58 %91 = phi i64 [ %89, %82 ], [ %57, %50 ] %92 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %7, i64 0, i32 64 store i64 %91, i64* %92, align 8 %93 = load %struct.ext4_sb_info.166893*, %struct.ext4_sb_info.166893** %4, align 64 %94 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %93, i64 0, i32 36, i32 3 %95 = load i32*, i32** %94, align 8 %96 = icmp eq i32* %95, null br i1 %96, label %113, label %97 %114 = phi %struct.ext4_sb_info.166893* [ %93, %90 ], [ %112, %97 ] %115 = getelementptr inbounds %struct.ext4_sb_info.166893, %struct.ext4_sb_info.166893* %114, i64 0, i32 37, i32 3 %116 = load i32*, i32** %115, align 8 %117 = icmp eq i32* %116, null br i1 %117, label %125, label %118 tail call void @ext4_superblock_csum_set(%struct.super_block.166754* %0) #70 %126 = icmp eq i32 %1, 0 br i1 %126, label %134, label %127 %128 = tail call i32 @_cond_resched() #69 %129 = getelementptr inbounds %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %130 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %129, i64 2, i64* %129) #6, !srcloc !4 %131 = and i8 %130, 1 %132 = icmp eq i8 %131, 0 br i1 %132, label %134, label %133 tail call void bitcast (void (%struct.buffer_head.133279*)* @__lock_buffer to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 br label %134 %135 = getelementptr %struct.buffer_head.166853, %struct.buffer_head.166853* %9, i64 0, i32 0 %136 = load volatile i64, i64* %135, align 8 %137 = and i64 %136, 2048 %138 = icmp eq i64 %137, 0 br i1 %138, label 
%139, label %143 %140 = load volatile i64, i64* %135, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = and i64 %140, 1 %142 = icmp eq i64 %141, 0 br i1 %142, label %143, label %150 tail call void (%struct.super_block.166754*, i8*, i8*, ...) @__ext4_msg(%struct.super_block.166754* %0, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33.17393, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.419, i64 0, i64 0)) #70 %144 = bitcast %struct.buffer_head.166853* %9 to i8* %145 = getelementptr i8, i8* %144, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %145, i8 -9, i8* %145) #6, !srcloc !6 %146 = load volatile i64, i64* %135, align 8 %147 = and i64 %146, 1 %148 = icmp eq i64 %147, 0 br i1 %148, label %149, label %150 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* nonnull %144, i8 1, i8* nonnull %144) #6, !srcloc !7 br label %150 tail call void bitcast (void (%struct.buffer_head.133279*)* @mark_buffer_dirty to void (%struct.buffer_head.166853*)*)(%struct.buffer_head.166853* nonnull %9) #69 Function:mark_buffer_dirty %2 = getelementptr %struct.buffer_head.133279, %struct.buffer_head.133279* %0, i64 0, i32 0 %3 = load volatile i64, i64* %2, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = and i64 %3, 1 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %7, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.15166, i64 0, i64 0), i32 1087, i32 2307, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 190) #6, !srcloc !8 br label %7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_dirty_buffer to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@mark_buffer_dirty, %8)) #6 to label %30 [label %8], !srcloc !9 %31 = load volatile i64, i64* %2, align 8 %32 = and i64 %31, 2 %33 = icmp eq i64 %32, 0 br i1 %33, label %38, label %34 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %35 = load volatile i64, i64* %2, align 8 %36 = and i64 %35, 2 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %63 %39 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 1, i64* %2) #6, !srcloc !15 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %63 %43 = getelementptr inbounds %struct.buffer_head.133279, %struct.buffer_head.133279* %0, i64 0, i32 2 %44 = load %struct.page.133278*, %struct.page.133278** %43, align 8 %45 = getelementptr inbounds %struct.page.133278, %struct.page.133278* %44, i64 0, i32 1 %46 = bitcast %union.anon.133276* %45 to i64* %47 = load volatile i64, 
i64* %46, align 8 %48 = and i64 %47, 1 %49 = icmp eq i64 %48, 0 %50 = add i64 %47, -1 %51 = inttoptr i64 %50 to %struct.page.133278* %52 = select i1 %49, %struct.page.133278* %44, %struct.page.133278* %51, !prof !16 %53 = getelementptr inbounds %struct.page.133278, %struct.page.133278* %52, i64 0, i32 0 %54 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 4, i64* %53) #6, !srcloc !15 %55 = and i8 %54, 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %57, label %63 %58 = tail call %struct.address_space.133274* bitcast (%struct.address_space* (%struct.page*)* @page_mapping to %struct.address_space.133274* (%struct.page.133278*)*)(%struct.page.133278* %44) #69 %59 = icmp eq %struct.address_space.133274* %58, null br i1 %59, label %63, label %60 tail call void @__set_page_dirty(%struct.page.133278* %44, %struct.address_space.133274* nonnull %58, i32 0) #70 %61 = getelementptr inbounds %struct.address_space.133274, %struct.address_space.133274* %58, i64 0, i32 0 %62 = load %struct.inode.133267*, %struct.inode.133267** %61, align 8 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.133267*, i32)*)(%struct.inode.133267* %62, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_fsync_range 1 __se_sys_msync 2 __ia32_sys_msync ------------- Path:  Function:__ia32_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_msync(i64 
%4, i64 %7, i64 %10) #69 Function:__se_sys_msync %4 = trunc i64 %2 to i32 %5 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.111631, %struct.task_struct.111631* %5, i64 0, i32 32 %7 = load %struct.mm_struct.111386*, %struct.mm_struct.111386** %6, align 32 %8 = icmp ult i32 %4, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %95 %13 = and i32 %4, 4 %14 = and i32 %4, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %95, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %95, label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %93, label %23 %24 = getelementptr inbounds %struct.mm_struct.111386, %struct.mm_struct.111386* %7, i64 0, i32 0, i32 16 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.111632*)*)(%struct.rw_semaphore.111632* %24) #69 %25 = tail call %struct.vm_area_struct.111354* @find_vma(%struct.mm_struct.111386* %7, i64 %0) #69 %26 = icmp eq %struct.vm_area_struct.111354* %25, null br i1 %26, label %86, label %27 %28 = and i32 %4, 2 %29 = icmp eq i32 %28, 0 %30 = icmp ne i32 %13, 0 br label %31 %32 = phi i64 [ %0, %27 ], [ %57, %83 ] %33 = phi %struct.vm_area_struct.111354* [ %25, %27 ], [ %84, %83 ] %34 = phi i32 [ 0, %27 ], [ %41, %83 ] %35 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = icmp ult i64 %32, %36 br i1 %37, label %38, label %40 %39 = icmp ult i64 %36, %19 br i1 %39, label %40, label %86 %41 = phi i32 [ %34, %31 ], [ -12, %38 ] %42 = phi i64 [ %32, %31 ], [ %36, %38 ] br i1 %29, label %48, label %43 %44 = getelementptr inbounds 
%struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 8192 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %86 %49 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 14 %50 = load %struct.file.111694*, %struct.file.111694** %49, align 8 %51 = sub i64 %42, %36 %52 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 13 %53 = load i64, i64* %52, align 8 %54 = shl i64 %53, 12 %55 = add i64 %54, %51 %56 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %19, %57 %59 = select i1 %58, i64 %19, i64 %57 %60 = xor i64 %42, -1 %61 = add i64 %55, %60 %62 = add i64 %61, %59 %63 = icmp ne %struct.file.111694* %50, null %64 = and i1 %30, %63 br i1 %64, label %65, label %78 %66 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 8 %67 = load i64, i64* %66, align 8 %68 = and i64 %67, 8 %69 = icmp eq i64 %68, 0 br i1 %69, label %78, label %70 %71 = getelementptr inbounds %struct.file.111694, %struct.file.111694* %50, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %71, i64* %71) #6, !srcloc !5 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.111632*)*)(%struct.rw_semaphore.111632* %24) #69 %72 = tail call i32 bitcast (i32 (%struct.file.130674*, i64, i64, i32)* @vfs_fsync_range to i32 (%struct.file.111694*, i64, i64, i32)*)(%struct.file.111694* nonnull %50, i64 %55, i64 %62, i32 1) #69 Function:vfs_fsync_range %5 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 19 %6 = load %struct.address_space.130521*, 
%struct.address_space.130521** %5, align 8 %7 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %6, i64 0, i32 0 %8 = load %struct.inode.130684*, %struct.inode.130684** %7, align 8 %9 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 3 %10 = load %struct.file_operations.130671*, %struct.file_operations.130671** %9, align 8 %11 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %10, i64 0, i32 16 %12 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %11, align 8 %13 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %12, null br i1 %13, label %28, label %14 %15 = icmp eq i32 %3, 0 br i1 %15, label %16, label %25 %17 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %8, i64 0, i32 23 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 2048 %20 = icmp eq i64 %19, 0 br i1 %20, label %25, label %21 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %8, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_fsync_range 1 __se_sys_msync 2 __x64_sys_msync ------------- Path:  Function:__x64_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_msync(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_msync %4 = trunc i64 %2 to i32 %5 = tail call %struct.task_struct.111631* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.111631** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.111631**)) #10, !srcloc !4 %6 = getelementptr inbounds 
%struct.task_struct.111631, %struct.task_struct.111631* %5, i64 0, i32 32 %7 = load %struct.mm_struct.111386*, %struct.mm_struct.111386** %6, align 32 %8 = icmp ult i32 %4, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %95 %13 = and i32 %4, 4 %14 = and i32 %4, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %95, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %95, label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %93, label %23 %24 = getelementptr inbounds %struct.mm_struct.111386, %struct.mm_struct.111386* %7, i64 0, i32 0, i32 16 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.111632*)*)(%struct.rw_semaphore.111632* %24) #69 %25 = tail call %struct.vm_area_struct.111354* @find_vma(%struct.mm_struct.111386* %7, i64 %0) #69 %26 = icmp eq %struct.vm_area_struct.111354* %25, null br i1 %26, label %86, label %27 %28 = and i32 %4, 2 %29 = icmp eq i32 %28, 0 %30 = icmp ne i32 %13, 0 br label %31 %32 = phi i64 [ %0, %27 ], [ %57, %83 ] %33 = phi %struct.vm_area_struct.111354* [ %25, %27 ], [ %84, %83 ] %34 = phi i32 [ 0, %27 ], [ %41, %83 ] %35 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = icmp ult i64 %32, %36 br i1 %37, label %38, label %40 %39 = icmp ult i64 %36, %19 br i1 %39, label %40, label %86 %41 = phi i32 [ %34, %31 ], [ -12, %38 ] %42 = phi i64 [ %32, %31 ], [ %36, %38 ] br i1 %29, label %48, label %43 %44 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 8192 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %86 %49 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 14 %50 = load %struct.file.111694*, %struct.file.111694** %49, 
align 8 %51 = sub i64 %42, %36 %52 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 13 %53 = load i64, i64* %52, align 8 %54 = shl i64 %53, 12 %55 = add i64 %54, %51 %56 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %19, %57 %59 = select i1 %58, i64 %19, i64 %57 %60 = xor i64 %42, -1 %61 = add i64 %55, %60 %62 = add i64 %61, %59 %63 = icmp ne %struct.file.111694* %50, null %64 = and i1 %30, %63 br i1 %64, label %65, label %78 %66 = getelementptr inbounds %struct.vm_area_struct.111354, %struct.vm_area_struct.111354* %33, i64 0, i32 8 %67 = load i64, i64* %66, align 8 %68 = and i64 %67, 8 %69 = icmp eq i64 %68, 0 br i1 %69, label %78, label %70 %71 = getelementptr inbounds %struct.file.111694, %struct.file.111694* %50, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %71, i64* %71) #6, !srcloc !5 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.111632*)*)(%struct.rw_semaphore.111632* %24) #69 %72 = tail call i32 bitcast (i32 (%struct.file.130674*, i64, i64, i32)* @vfs_fsync_range to i32 (%struct.file.111694*, i64, i64, i32)*)(%struct.file.111694* nonnull %50, i64 %55, i64 %62, i32 1) #69 Function:vfs_fsync_range %5 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 19 %6 = load %struct.address_space.130521*, %struct.address_space.130521** %5, align 8 %7 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %6, i64 0, i32 0 %8 = load %struct.inode.130684*, %struct.inode.130684** %7, align 8 %9 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 3 %10 = load %struct.file_operations.130671*, 
%struct.file_operations.130671** %9, align 8 %11 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %10, i64 0, i32 16 %12 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %11, align 8 %13 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %12, null br i1 %13, label %28, label %14 %15 = icmp eq i32 %3, 0 br i1 %15, label %16, label %25 %17 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %8, i64 0, i32 23 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 2048 %20 = icmp eq i64 %19, 0 br i1 %20, label %25, label %21 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %8, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_fsync 1 nfs4_file_flush ------------- Path:  Function:nfs4_file_flush %3 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 2 %4 = load %struct.inode.733*, %struct.inode.733** %3, align 8 %5 = getelementptr inbounds %struct.inode.733, %struct.inode.733* %4, i64 0, i32 8 %6 = load %struct.super_block.720*, %struct.super_block.720** %5, align 8 %7 = getelementptr inbounds %struct.super_block.720, %struct.super_block.720* %6, i64 0, i32 30 %8 = bitcast i8** %7 to %struct.nfs_server.200973** %9 = load %struct.nfs_server.200973*, %struct.nfs_server.200973** %8, align 64 %10 = getelementptr inbounds %struct.nfs_server.200973, %struct.nfs_server.200973* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 14 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %25, label %17 %18 = tail 
call zeroext i1 @nfs4_delegation_flush_on_close(%struct.inode.733* %4) #69 br i1 %18, label %23, label %19 %24 = tail call i32 bitcast (i32 (%struct.file.130674*, i32)* @vfs_fsync to i32 (%struct.file.725*, i32)*)(%struct.file.725* %0, i32 0) #69 Function:vfs_fsync %3 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 19 %4 = load %struct.address_space.130521*, %struct.address_space.130521** %3, align 8 %5 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %4, i64 0, i32 0 %6 = load %struct.inode.130684*, %struct.inode.130684** %5, align 8 %7 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 3 %8 = load %struct.file_operations.130671*, %struct.file_operations.130671** %7, align 8 %9 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %8, i64 0, i32 16 %10 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %9, align 8 %11 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %10, null br i1 %11, label %26, label %12 %13 = icmp eq i32 %1, 0 br i1 %13, label %14, label %23 %15 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %6, i64 0, i32 23 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 2048 %18 = icmp eq i64 %17, 0 br i1 %18, label %23, label %19 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_fsync 1 do_unlk 2 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.179124, %struct.file.179124* %0, i64 0, i32 19 %5 = load %struct.address_space.179021*, %struct.address_space.179021** %4, align 8 %6 = getelementptr inbounds %struct.address_space.179021, %struct.address_space.179021* %5, i64 0, i32 0 %7 = load %struct.inode.179116*, %struct.inode.179116** %6, align 8 %8 = 
getelementptr inbounds %struct.inode.179116, %struct.inode.179116* %7, i64 0, i32 8 %9 = load %struct.super_block.179104*, %struct.super_block.179104** %8, align 8 %10 = getelementptr inbounds %struct.super_block.179104, %struct.super_block.179104* %9, i64 0, i32 30 %11 = bitcast i8** %10 to %struct.nfs_server.179258** %12 = load %struct.nfs_server.179258*, %struct.nfs_server.179258** %11, align 64 %13 = getelementptr inbounds %struct.nfs_server.179258, %struct.nfs_server.179258* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.inode.179116, %struct.inode.179116* %7, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, 1032 %19 = icmp eq i16 %18, 1024 br i1 %19, label %20, label %24 %25 = load %struct.super_block.179104*, %struct.super_block.179104** %8, align 8 %26 = getelementptr inbounds %struct.super_block.179104, %struct.super_block.179104* %25, i64 0, i32 30 %27 = bitcast i8** %26 to %struct.nfs_server.179258** %28 = load %struct.nfs_server.179258*, %struct.nfs_server.179258** %27, align 64 %29 = getelementptr inbounds %struct.nfs_server.179258, %struct.nfs_server.179258* %28, i64 0, i32 8 %30 = load i32, i32* %29, align 8 %31 = lshr i32 %30, 21 %32 = and i32 %31, 1 %33 = getelementptr inbounds %struct.nfs_server.179258, %struct.nfs_server.179258* %28, i64 0, i32 0 %34 = load %struct.nfs_client.179253*, %struct.nfs_client.179253** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.179253, %struct.nfs_client.179253* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.179236*, %struct.nfs_rpc_ops.179236** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.179236, %struct.nfs_rpc_ops.179236* %36, i64 0, i32 43 %38 = load i32 (%struct.file_lock.179111*)*, i32 
(%struct.file_lock.179111*)** %37, align 8 %39 = icmp eq i32 (%struct.file_lock.179111*)* %38, null br i1 %39, label %43, label %40 %44 = icmp eq i32 %1, 5 br i1 %44, label %45, label %82 %83 = getelementptr inbounds %struct.file_lock.179111, %struct.file_lock.179111* %2, i64 0, i32 6 %84 = load i8, i8* %83, align 4 %85 = icmp eq i8 %84, 2 br i1 %85, label %86, label %88 %87 = tail call fastcc i32 @do_unlk(%struct.file.179124* %0, i32 %1, %struct.file_lock.179111* %2, i32 %32) #70 Function:do_unlk %5 = getelementptr inbounds %struct.file.179124, %struct.file.179124* %0, i64 0, i32 19 %6 = load %struct.address_space.179021*, %struct.address_space.179021** %5, align 8 %7 = getelementptr inbounds %struct.address_space.179021, %struct.address_space.179021* %6, i64 0, i32 0 %8 = load %struct.inode.179116*, %struct.inode.179116** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.file.130674*, i32)* @vfs_fsync to i32 (%struct.file.179124*, i32)*)(%struct.file.179124* %0, i32 0) #69 Function:vfs_fsync %3 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 19 %4 = load %struct.address_space.130521*, %struct.address_space.130521** %3, align 8 %5 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %4, i64 0, i32 0 %6 = load %struct.inode.130684*, %struct.inode.130684** %5, align 8 %7 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 3 %8 = load %struct.file_operations.130671*, %struct.file_operations.130671** %7, align 8 %9 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %8, i64 0, i32 16 %10 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %9, align 8 %11 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %10, null br i1 %11, label %26, label %12 %13 = icmp eq i32 %1, 0 br i1 %13, label %14, label %23 %15 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %6, i64 0, i32 23 
%16 = load i64, i64* %15, align 8 %17 = and i64 %16, 2048 %18 = icmp eq i64 %17, 0 br i1 %18, label %23, label %19 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_fsync 1 do_unlk 2 nfs_flock ------------- Path:  Function:nfs_flock %4 = getelementptr inbounds %struct.file.179124, %struct.file.179124* %0, i64 0, i32 19 %5 = load %struct.address_space.179021*, %struct.address_space.179021** %4, align 8 %6 = getelementptr inbounds %struct.address_space.179021, %struct.address_space.179021* %5, i64 0, i32 0 %7 = load %struct.inode.179116*, %struct.inode.179116** %6, align 8 %8 = getelementptr inbounds %struct.file_lock.179111, %struct.file_lock.179111* %2, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %32, label %12 %13 = getelementptr inbounds %struct.file_lock.179111, %struct.file_lock.179111* %2, i64 0, i32 6 %14 = load i8, i8* %13, align 4 %15 = and i8 %14, 32 %16 = icmp eq i8 %15, 0 br i1 %16, label %17, label %32 %18 = getelementptr inbounds %struct.inode.179116, %struct.inode.179116* %7, i64 0, i32 8 %19 = load %struct.super_block.179104*, %struct.super_block.179104** %18, align 8 %20 = getelementptr inbounds %struct.super_block.179104, %struct.super_block.179104* %19, i64 0, i32 30 %21 = bitcast i8** %20 to %struct.nfs_server.179258** %22 = load %struct.nfs_server.179258*, %struct.nfs_server.179258** %21, align 64 %23 = getelementptr inbounds %struct.nfs_server.179258, %struct.nfs_server.179258* %22, i64 0, i32 8 %24 = load i32, i32* %23, align 8 %25 = lshr i32 %24, 20 %26 = and i32 %25, 1 %27 = icmp eq i8 %14, 2 br i1 %27, label %28, label %30 %29 = tail call fastcc i32 @do_unlk(%struct.file.179124* %0, i32 %1, %struct.file_lock.179111* %2, i32 %26) #69 Function:do_unlk %5 = getelementptr inbounds %struct.file.179124, %struct.file.179124* %0, i64 0, 
i32 19 %6 = load %struct.address_space.179021*, %struct.address_space.179021** %5, align 8 %7 = getelementptr inbounds %struct.address_space.179021, %struct.address_space.179021* %6, i64 0, i32 0 %8 = load %struct.inode.179116*, %struct.inode.179116** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.file.130674*, i32)* @vfs_fsync to i32 (%struct.file.179124*, i32)*)(%struct.file.179124* %0, i32 0) #69 Function:vfs_fsync %3 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 19 %4 = load %struct.address_space.130521*, %struct.address_space.130521** %3, align 8 %5 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %4, i64 0, i32 0 %6 = load %struct.inode.130684*, %struct.inode.130684** %5, align 8 %7 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %0, i64 0, i32 3 %8 = load %struct.file_operations.130671*, %struct.file_operations.130671** %7, align 8 %9 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %8, i64 0, i32 16 %10 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %9, align 8 %11 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %10, null br i1 %11, label %26, label %12 %13 = icmp eq i32 %1, 0 br i1 %13, label %14, label %23 %15 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %6, i64 0, i32 23 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 2048 %18 = icmp eq i64 %17, 0 br i1 %18, label %23, label %19 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fsync ------------- Path:  Function:__x64_sys_fsync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget(i32 %4) #69 %6 = and i64 %5, -4 %7 = 
inttoptr i64 %6 to %struct.file.130674* %8 = icmp eq i64 %6, 0 br i1 %8, label %36, label %9 %10 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %7, i64 0, i32 19 %11 = load %struct.address_space.130521*, %struct.address_space.130521** %10, align 8 %12 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %11, i64 0, i32 0 %13 = load %struct.inode.130684*, %struct.inode.130684** %12, align 8 %14 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %7, i64 0, i32 3 %15 = load %struct.file_operations.130671*, %struct.file_operations.130671** %14, align 8 %16 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %15, i64 0, i32 16 %17 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %16, align 8 %18 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %17, null br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %13, i64 0, i32 23 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2048 %23 = icmp eq i64 %22, 0 br i1 %23, label %28, label %24 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %13, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fsync ------------- Path:  Function:__ia32_sys_fsync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget(i32 %4) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.130674* %8 = icmp eq i64 %6, 0 br i1 %8, label %36, label %9 %10 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %7, i64 0, i32 19 %11 = load %struct.address_space.130521*, %struct.address_space.130521** %10, align 8 %12 = getelementptr inbounds %struct.address_space.130521, %struct.address_space.130521* %11, i64 0, i32 0 %13 = 
load %struct.inode.130684*, %struct.inode.130684** %12, align 8 %14 = getelementptr inbounds %struct.file.130674, %struct.file.130674* %7, i64 0, i32 3 %15 = load %struct.file_operations.130671*, %struct.file_operations.130671** %14, align 8 %16 = getelementptr inbounds %struct.file_operations.130671, %struct.file_operations.130671* %15, i64 0, i32 16 %17 = load i32 (%struct.file.130674*, i64, i64, i32)*, i32 (%struct.file.130674*, i64, i64, i32)** %16, align 8 %18 = icmp eq i32 (%struct.file.130674*, i64, i64, i32)* %17, null br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.inode.130684, %struct.inode.130684* %13, i64 0, i32 23 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2048 %23 = icmp eq i64 %22, 0 br i1 %23, label %28, label %24 tail call void bitcast (void (%struct.inode.100633*, i32)* @__mark_inode_dirty to void (%struct.inode.130684*, i32)*)(%struct.inode.130684* %13, i32 1) #69 ------------- Good: 421 Bad: 9 Ignored: 548 Check Use of Function:rfkill_set_block Check Use of Function:propagate_mount_busy Check Use of Function:compat_put_timex Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_clock_adjtime ------------- Path:  Function:__ia32_compat_sys_clock_adjtime %2 = alloca %struct.timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %4 to i32 %10 = inttoptr i64 %8 to %struct.compat_timex* %11 = icmp slt i32 %9, 0 br i1 %11, label %12, label %17 %18 = icmp ugt i32 %9, 11 br i1 %18, label %19, label %21 %22 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 12, i64 %5) #6, !srcloc !4 %23 = and i64 %22, %5 %24 = getelementptr [12 x %struct.k_clock.75182*], [12 x %struct.k_clock.75182*]* @posix_clocks, i64 0, i64 %23 %25 = load 
%struct.k_clock.75182*, %struct.k_clock.75182** %24, align 8 %26 = bitcast %struct.timex* %2 to i8* %27 = icmp eq i64 %23, 10 br i1 %27, label %48, label %28 %29 = phi i8* [ %16, %12 ], [ %26, %21 ] %30 = phi %struct.k_clock.75182* [ %15, %12 ], [ %25, %21 ] %31 = getelementptr inbounds %struct.k_clock.75182, %struct.k_clock.75182* %30, i64 0, i32 3 %32 = load i32 (i32, %struct.timex*)*, i32 (i32, %struct.timex*)** %31, align 8 %33 = icmp eq i32 (i32, %struct.timex*)* %32, null br i1 %33, label %48, label %34 %35 = call i32 @compat_get_timex(%struct.timex* nonnull %2, %struct.compat_timex* %10) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i32 (i32, %struct.timex*)*, i32 (i32, %struct.timex*)** %31, align 8 %41 = call i32 %40(i32 %9, %struct.timex* nonnull %2) #69 %42 = icmp sgt i32 %41, -1 br i1 %42, label %43, label %46 %44 = call i32 @compat_put_timex(%struct.compat_timex* %10, %struct.timex* nonnull %2) #69 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:__mnt_want_write Check Use of Function:mnt_clone_internal Check Use of Function:drm_syncobj_open Check Use of Function:do_kexec_load Check Use of Function:compat_alloc_user_space Use: =BAD PATH= Call Stack: 0 __compat_sys_setsockopt 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr 
inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* 
%4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %198 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %201 = load i32, i32* %200, align 4 %202 = zext i32 %201 to i64 %203 = inttoptr i64 %202 to i8* %204 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 4 %205 = load i32, i32* %204, align 16 %206 = call fastcc i32 @__compat_sys_setsockopt(i32 %90, i32 %92, i32 %199, i8* %203, i32 %205) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 %8 = alloca %struct.sock_fprog_kern, align 8 %9 = alloca i32, align 4 %10 = bitcast i32* %9 to i8* %11 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %9) #69 %12 = icmp eq %struct.socket.230347* %11, null br i1 %12, label %101, label %13 %14 = call i32 bitcast (i32 (%struct.socket*, 
i32, i32)* @security_socket_setsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %11, i32 %1, i32 %2) #69 store i32 %14, i32* %9, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %98 %17 = icmp eq i32 %1, 1 br i1 %17, label %18, label %86 switch i32 %2, label %43 [ i32 51, label %19 i32 26, label %19 ] %20 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __compat_sys_setsockopt 1 __ia32_compat_sys_setsockopt ------------- Path:  Function:__ia32_compat_sys_setsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %10 to i8* %17 = trunc i64 %12 to i32 %18 = tail call fastcc i32 @__compat_sys_setsockopt(i32 %13, i32 %14, i32 %15, i8* %16, i32 %17) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.anon.48, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 %8 = alloca %struct.sock_fprog_kern, align 8 %9 = alloca i32, align 4 %10 = bitcast i32* %9 to i8* %11 = call %struct.socket.230347* @sockfd_lookup(i32 %0, i32* nonnull %9) #69 %12 = icmp eq %struct.socket.230347* %11, null br i1 %12, label %101, label %13 %14 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_setsockopt to i32 (%struct.socket.230347*, i32, i32)*)(%struct.socket.230347* nonnull %11, i32 %1, i32 %2) #69 store i32 %14, i32* %9, align 4 %15 = icmp eq i32 %14, 
0 br i1 %15, label %16, label %98 %17 = icmp eq i32 %1, 1 br i1 %17, label %18, label %86 switch i32 %2, label %43 [ i32 51, label %19 i32 26, label %19 ] %20 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_bpf_fprog 1 compat_packet_setsockopt ------------- Path:  Function:compat_packet_setsockopt %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = bitcast %struct.sock.230350** %6 to %struct.packet_sock** %8 = load %struct.packet_sock*, %struct.packet_sock** %7, align 8 %9 = icmp eq i32 %1, 263 br i1 %9, label %10, label %29 %11 = icmp eq i32 %2, 22 br i1 %11, label %12, label %25 %13 = getelementptr inbounds %struct.packet_sock, %struct.packet_sock* %8, i64 0, i32 1 %14 = load %struct.packet_fanout*, %struct.packet_fanout** %13, align 8 %15 = icmp eq %struct.packet_fanout* %14, null br i1 %15, label %25, label %16 %17 = getelementptr inbounds %struct.packet_fanout, %struct.packet_fanout* %14, i64 0, i32 3 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 6 br i1 %19, label %20, label %25 %21 = tail call %struct.sock_fprog_kern* @get_compat_bpf_fprog(i8* %3) #69 Function:get_compat_bpf_fprog %2 = alloca %struct.compat_sock_fprog, align 4 %3 = alloca %struct.sock_fprog_kern, align 8 %4 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = alloca %struct.ifreq, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.in6_rtmsg, align 8 %12 = alloca %struct.rtentry, align 8 %13 = alloca [16 x i8], align 16 %14 = alloca %struct.ifreq, align 8 %15 = alloca %struct.ifreq, align 8 %16 = alloca %struct.ifreq, align 8 %17 = alloca %struct.util_est, align 4 %18 = alloca %struct.ifconf, align 8 %19 = 
alloca %struct.ifreq, align 8 %20 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.socket.230347** %22 = load %struct.socket.230347*, %struct.socket.230347** %21, align 8 %23 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %22, i64 0, i32 5 %24 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %22, i64 0, i32 6 %25 = load %struct.proto_ops.230346*, %struct.proto_ops.230346** %24, align 8 %26 = getelementptr inbounds %struct.proto_ops.230346, %struct.proto_ops.230346* %25, i64 0, i32 10 %27 = load i32 (%struct.socket.230347*, i32, i64)*, i32 (%struct.socket.230347*, i32, i64)** %26, align 8 %28 = icmp eq i32 (%struct.socket.230347*, i32, i64)* %27, null br i1 %28, label %31, label %29 %32 = phi i32 [ %30, %29 ], [ -515, %3 ] %33 = icmp eq i32 %32, -515 %34 = and i32 %1, -256 %35 = icmp eq i32 %34, 35584 %36 = and i1 %35, %33 %37 = xor i1 %33, true %38 = or i1 %35, %37 %39 = select i1 %36, i32 -22, i32 %32 br i1 %38, label %842, label %40 %41 = and i64 %2, 4294967295 %42 = inttoptr i64 %41 to i8* %43 = load %struct.sock.230350*, %struct.sock.230350** %23, align 8 %44 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %43, i64 0, i32 0, i32 9, i32 0 %45 = load %struct.net.230172*, %struct.net.230172** %44, align 8 %46 = and i32 %1, -16 %47 = icmp eq i32 %46, 35312 br i1 %47, label %48, label %75 switch i32 %1, label %842 [ i32 35137, label %76 i32 35136, label %76 i32 35090, label %90 i32 35142, label %113 i32 35146, label %381 i32 35184, label %412 i32 35185, label %412 i32 35083, label %515 i32 35084, label %515 i32 35078, label %703 i32 35079, label %738 i32 35219, label %773 i32 35220, label %773 i32 35248, label %773 i32 35249, label %773 i32 35073, label %800 i32 35074, label %800 i32 35075, label %800 i32 35076, label %800 i32 35232, label %800 i32 35233, label %800 i32 35202, label %800 i32 35203, label %800 i32 35200, label %800 
i32 35201, label %800 i32 35148, label %800 i32 35091, label %803 i32 35092, label %803 i32 35101, label %803 i32 35102, label %803 i32 35105, label %803 i32 35106, label %803 i32 35103, label %803 i32 35104, label %803 i32 35111, label %803 i32 35108, label %803 i32 35121, label %803 i32 35122, label %803 i32 35123, label %803 i32 35093, label %803 i32 35094, label %803 i32 35127, label %803 i32 35126, label %803 i32 35097, label %803 i32 35098, label %803 i32 35095, label %803 i32 35096, label %803 i32 35099, label %803 i32 35100, label %803 i32 35124, label %803 i32 35125, label %803 i32 35138, label %803 i32 35139, label %803 i32 35234, label %803 i32 35235, label %803 i32 35088, label %803 i32 35107, label %803 i32 35143, label %803 i32 35144, label %803 i32 35145, label %803 i32 35216, label %803 i32 35217, label %803 i32 35218, label %803 i32 35221, label %803 i32 35157, label %839 i32 35156, label %839 i32 35155, label %839 i32 35147, label %839 i32 35077, label %839 ] %804 = inttoptr i64 %41 to %struct.compat_ifreq* %805 = tail call i8* @compat_alloc_user_space(i64 40) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = alloca %struct.ifreq, align 8 %9 = alloca %struct.anon.48, align 8 %10 = alloca %struct.anon.48, align 8 %11 = alloca %struct.in6_rtmsg, align 8 %12 = alloca %struct.rtentry, align 8 %13 = alloca [16 x i8], align 16 %14 = alloca %struct.ifreq, align 8 %15 = alloca %struct.ifreq, align 8 %16 = alloca %struct.ifreq, align 8 %17 = alloca %struct.util_est, align 4 %18 = alloca %struct.ifconf, align 8 %19 = alloca %struct.ifreq, align 8 %20 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.socket.230347** %22 = load %struct.socket.230347*, %struct.socket.230347** %21, align 8 %23 = getelementptr 
inbounds %struct.socket.230347, %struct.socket.230347* %22, i64 0, i32 5 %24 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %22, i64 0, i32 6 %25 = load %struct.proto_ops.230346*, %struct.proto_ops.230346** %24, align 8 %26 = getelementptr inbounds %struct.proto_ops.230346, %struct.proto_ops.230346* %25, i64 0, i32 10 %27 = load i32 (%struct.socket.230347*, i32, i64)*, i32 (%struct.socket.230347*, i32, i64)** %26, align 8 %28 = icmp eq i32 (%struct.socket.230347*, i32, i64)* %27, null br i1 %28, label %31, label %29 %32 = phi i32 [ %30, %29 ], [ -515, %3 ] %33 = icmp eq i32 %32, -515 %34 = and i32 %1, -256 %35 = icmp eq i32 %34, 35584 %36 = and i1 %35, %33 %37 = xor i1 %33, true %38 = or i1 %35, %37 %39 = select i1 %36, i32 -22, i32 %32 br i1 %38, label %842, label %40 %41 = and i64 %2, 4294967295 %42 = inttoptr i64 %41 to i8* %43 = load %struct.sock.230350*, %struct.sock.230350** %23, align 8 %44 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %43, i64 0, i32 0, i32 9, i32 0 %45 = load %struct.net.230172*, %struct.net.230172** %44, align 8 %46 = and i32 %1, -16 %47 = icmp eq i32 %46, 35312 br i1 %47, label %48, label %75 switch i32 %1, label %842 [ i32 35137, label %76 i32 35136, label %76 i32 35090, label %90 i32 35142, label %113 i32 35146, label %381 i32 35184, label %412 i32 35185, label %412 i32 35083, label %515 i32 35084, label %515 i32 35078, label %703 i32 35079, label %738 i32 35219, label %773 i32 35220, label %773 i32 35248, label %773 i32 35249, label %773 i32 35073, label %800 i32 35074, label %800 i32 35075, label %800 i32 35076, label %800 i32 35232, label %800 i32 35233, label %800 i32 35202, label %800 i32 35203, label %800 i32 35200, label %800 i32 35201, label %800 i32 35148, label %800 i32 35091, label %803 i32 35092, label %803 i32 35101, label %803 i32 35102, label %803 i32 35105, label %803 i32 35106, label %803 i32 35103, label %803 i32 35104, label %803 i32 35111, label %803 i32 35108, label %803 
i32 35121, label %803 i32 35122, label %803 i32 35123, label %803 i32 35093, label %803 i32 35094, label %803 i32 35127, label %803 i32 35126, label %803 i32 35097, label %803 i32 35098, label %803 i32 35095, label %803 i32 35096, label %803 i32 35099, label %803 i32 35100, label %803 i32 35124, label %803 i32 35125, label %803 i32 35138, label %803 i32 35139, label %803 i32 35234, label %803 i32 35235, label %803 i32 35088, label %803 i32 35107, label %803 i32 35143, label %803 i32 35144, label %803 i32 35145, label %803 i32 35216, label %803 i32 35217, label %803 i32 35218, label %803 i32 35221, label %803 i32 35157, label %839 i32 35156, label %839 i32 35155, label %839 i32 35147, label %839 i32 35077, label %839 ] %114 = inttoptr i64 %41 to %struct.compat_ifreq* %115 = getelementptr inbounds %struct.ifreq, %struct.ifreq* %16, i64 0, i32 0, i32 0, i64 0 %117 = getelementptr inbounds %struct.compat_ifreq, %struct.compat_ifreq* %114, i64 0, i32 1, i32 0, i32 0 %118 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %117, i64 4, i64 %116) #6, !srcloc !8 %119 = extractvalue { i32*, i64, i64 } %118, 0 %120 = extractvalue { i32*, i64, i64 } %118, 2 %121 = ptrtoint i32* %119 to i64 %122 = and i64 %121, 4294967295 %123 = icmp eq i64 %122, 0 br i1 %123, label %124, label %379, !prof !5, !misexpect !6 %125 = extractvalue { i32*, i64, i64 } %118, 1 %126 = and i64 %125, 4294967295 %127 = inttoptr i64 %126 to i8* %129 = inttoptr i64 %126 to i32* %130 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %129, i64 4, i64 %128) #6, !srcloc !9 %131 = extractvalue { i32*, i64, i64 } %130, 0 %132 = extractvalue { i32*, i64, i64 } %130, 1 %133 = extractvalue { i32*, i64, i64 } %130, 2 %134 = ptrtoint i32* %131 to i64 %135 = trunc i64 %132 to i32 %136 = and i64 %134, 4294967295 %137 = icmp eq i64 %136, 0 br i1 %137, label 
%138, label %379, !prof !5, !misexpect !6 switch i32 %135, label %166 [ i32 48, label %139 i32 45, label %156 i32 46, label %156 i32 47, label %156 i32 50, label %156 i32 49, label %159 ] %141 = getelementptr inbounds i8, i8* %127, i64 176 %142 = bitcast i8* %141 to i32* %143 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %142, i64 4, i64 %140) #6, !srcloc !10 %144 = extractvalue { i32*, i64, i64 } %143, 0 %145 = extractvalue { i32*, i64, i64 } %143, 1 %146 = extractvalue { i32*, i64, i64 } %143, 2 %147 = ptrtoint i32* %144 to i64 %148 = trunc i64 %145 to i32 %149 = and i64 %147, 4294967295 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %379, !prof !5, !misexpect !6 %152 = and i64 %145, 4294967295 %153 = icmp ugt i64 %152, 1048576 br i1 %153, label %379, label %154 %155 = shl nuw nsw i64 %152, 2 br label %156 %157 = phi i32 [ 0, %138 ], [ 0, %138 ], [ 0, %138 ], [ 0, %138 ], [ %148, %154 ] %158 = phi i64 [ 0, %138 ], [ 0, %138 ], [ 0, %138 ], [ 0, %138 ], [ %155, %154 ] br label %159 %160 = phi i32 [ 0, %138 ], [ %157, %156 ] %161 = phi i64 [ 0, %138 ], [ %158, %156 ] %162 = phi i1 [ false, %138 ], [ true, %156 ] %163 = add nuw nsw i64 %161, 192 %164 = tail call i8* @compat_alloc_user_space(i64 %163) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* switch i32 %1, label %114 [ i32 -2147203072, label %10 i32 -2133047295, label %10 i32 -2143270910, label %10 i32 1079003139, label %12 ] %13 = inttoptr i64 %8 to %struct.snd_hwdep_dsp_image32* %14 = tail call i8* @compat_alloc_user_space(i64 96) #70 ------------- Use: =BAD 
PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file.124204, %struct.file.124204* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_ctl_file** %12 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %11, align 8 %13 = icmp eq %struct.snd_ctl_file* %12, null br i1 %13, label %371, label %14, !prof !4 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %12, i64 0, i32 1 %16 = load %struct.snd_card.562818*, %struct.snd_card.562818** %15, align 8 %17 = icmp eq %struct.snd_card.562818* %16, null br i1 %17, label %371, label %18, !prof !4, !misexpect !5 switch i32 %1, label %350 [ i32 -2147199744, label %19 i32 -2122820351, label %19 i32 -1073457898, label %19 i32 -1073457712, label %19 i32 -2147199535, label %19 i32 1077957908, label %19 i32 1077957909, label %19 i32 -1069525735, label %19 i32 -1073195750, label %19 i32 -1073195749, label %19 i32 -1073195748, label %19 i32 -1069001456, label %21 i32 -1055894255, label %77 i32 -1027320558, label %164 i32 -1027320557, label %280 i32 -1055894249, label %342 i32 -1055894248, label %346 ] %22 = inttoptr i64 %8 to %struct.snd_ctl_elem_list32* %23 = tail call i8* @compat_alloc_user_space(i64 80) #70 ------------- Use: =BAD PATH= Call Stack: 0 compat_i915_getparam 1 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.365662* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call 
i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %35 %10 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 fb_compat_ioctl ------------- Path:  Function:fb_compat_ioctl %4 = alloca %struct.fb_fix_screeninfo, align 8 %5 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 2 %6 = load %struct.inode.146664*, %struct.inode.146664** %5, align 8 %7 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %6, i64 0, i32 13 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1048575 %10 = zext i32 %9 to i64 %11 = getelementptr [32 x %struct.fb_info.283349*], [32 x %struct.fb_info.283349*]* @registered_fb, i64 0, i64 %10 %12 = load %struct.fb_info.283349*, %struct.fb_info.283349** %11, align 8 %13 = getelementptr inbounds %struct.file.146593, %struct.file.146593* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.fb_info.283349** %15 = load %struct.fb_info.283349*, %struct.fb_info.283349** %14, align 8 %16 = icmp ne %struct.fb_info.283349* %12, %15 %17 = icmp eq %struct.fb_info.283349* %12, null %18 = or i1 %17, %16 br i1 %18, label %243, label %19 switch i32 %1, label %234 [ i32 17920, label %20 i32 17921, label %20 i32 17926, label %20 i32 17935, label %20 i32 17936, label %20 i32 17937, label %22 i32 17922, label %25 i32 17924, label %115 i32 17925, label %115 ] %116 = tail call i8* @compat_alloc_user_space(i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, %struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds 
%struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, %struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.266271, %struct.gendisk.266271* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.266215*, %struct.block_device_operations.266215** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.266215, %struct.block_device_operations.266215* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.266272*, i32, i32, i64)*, 
i32 (%struct.block_device.266272*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.266272*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %368 = tail call i8* @compat_alloc_user_space(i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, 
%struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds %struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, %struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.266271, %struct.gendisk.266271* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.266215*, 
%struct.block_device_operations.266215** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.266215, %struct.block_device_operations.266215* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.266272*, i32, i32, i64)*, i32 (%struct.block_device.266272*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.266272*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %328 = tail call i8* @compat_alloc_user_space(i64 24) #69 ------------- Use: =BAD PATH= Call Stack: 0 
compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, %struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds %struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, %struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label 
%291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.266271, %struct.gendisk.266271* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.266215*, %struct.block_device_operations.266215** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.266215, %struct.block_device_operations.266215* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.266272*, i32, i32, i64)*, i32 (%struct.block_device.266272*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.266272*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 
i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %306 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, %struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds %struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, %struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 
4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %121 = and i64 %2, 4294967295 %122 = inttoptr i64 %121 to %struct.ist_info* %123 = tail call i8* @compat_alloc_user_space(i64 24) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %92 = tail call i8* @compat_alloc_user_space(i64 80) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and 
i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %56 = tail call i8* @compat_alloc_user_space(i64 72) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %18 = tail call i8* @compat_alloc_user_space(i64 72) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, 
i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, 
align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %1157 = inttoptr i64 %8 to %struct.util_est* %1159 = getelementptr inbounds %struct.util_est, 
%struct.util_est* %1157, i64 0, i32 0 %1160 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %1159, i64 4, i64 %1158) #6, !srcloc !82 %1161 = extractvalue { i32*, i64, i64 } %1160, 0 %1162 = extractvalue { i32*, i64, i64 } %1160, 2 %1163 = ptrtoint i32* %1161 to i64 %1165 = getelementptr inbounds %struct.util_est, %struct.util_est* %1157, i64 0, i32 1 %1166 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %1165, i64 4, i64 %1164) #6, !srcloc !83 %1167 = extractvalue { i32*, i64, i64 } %1166, 0 %1168 = extractvalue { i32*, i64, i64 } %1166, 2 %1169 = ptrtoint i32* %1167 to i64 %1170 = or i64 %1169, %1163 %1171 = trunc i64 %1170 to i32 %1172 = icmp eq i32 %1171, 0 br i1 %1172, label %1173, label %1196 %1174 = extractvalue { i32*, i64, i64 } %1166, 1 %1175 = trunc i64 %1174 to i32 %1176 = extractvalue { i32*, i64, i64 } %1160, 1 %1177 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl 
i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %1046 = inttoptr i64 %8 to %struct.compat_video_event* %1047 = tail call i8* @compat_alloc_user_space(i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, 
i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, 
label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %1001 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load 
%struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = 
and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %842 = inttoptr i64 %8 to %struct.serial_struct32* %843 = tail call i8* @compat_alloc_user_space(i64 72) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* 
%14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, 
%struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, 
label %665 i32 -2145620734, label %668 ] %669 = tail call i8* @compat_alloc_user_space(i64 48) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = 
getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ 
i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %666 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 
1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x 
i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %597 = inttoptr i64 %8 to %struct.compat_sg_req_info* %598 = tail call i8* @compat_alloc_user_space(i64 384) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load 
%struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label 
%1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %340 = inttoptr i64 %8 to %struct.sg_io_hdr32* %342 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 0 %343 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %342, i64 4, i64 %341) #6, !srcloc !20 %344 = extractvalue { i32*, i64, i64 } %343, 0 %345 = extractvalue { i32*, i64, i64 } %343, 2 %346 = ptrtoint i32* %344 to i64 %347 = and i64 %346, 4294967295 %348 = icmp eq i64 %347, 0 br i1 %348, label %349, label %593, !prof !9, !misexpect !10 %350 = extractvalue { i32*, i64, i64 } %343, 1 %351 = trunc i64 %350 to i32 %352 = icmp eq i32 %351, 83 br i1 %352, label %359, label %353 %361 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 4 %362 = tail call { i16*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i16* %361, i64 2, i64 %360) #6, !srcloc !21 %363 = extractvalue { i16*, i64, i64 } %362, 0 %364 = extractvalue { i16*, i64, i64 } %362, 1 %365 = extractvalue { i16*, i64, i64 } %362, 2 %366 = ptrtoint i16* %363 to i64 %367 = trunc i64 %364 to i16 %368 = and i64 %366, 4294967295 %369 = icmp eq i64 %368, 0 br i1 %369, label %370, label %593, !prof !9, !misexpect !10 %371 = tail call i8* @compat_alloc_user_space(i64 0) #69 %372 = shl i64 %364, 4 %373 = and i64 %372, 1048560 %374 = add nuw nsw i64 %373, 88 %375 = tail call i8* @compat_alloc_user_space(i64 %374) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 
%152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 
1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %340 = inttoptr i64 %8 to %struct.sg_io_hdr32* %342 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 0 %343 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %342, i64 4, i64 %341) #6, !srcloc !20 %344 = extractvalue { i32*, i64, i64 } %343, 0 %345 = extractvalue { i32*, i64, i64 } %343, 2 %346 = ptrtoint i32* %344 to i64 %347 = and i64 %346, 4294967295 %348 = icmp eq i64 %347, 0 br i1 %348, label %349, label %593, !prof !9, !misexpect !10 %350 = extractvalue { i32*, i64, i64 } %343, 1 %351 = trunc i64 %350 to i32 %352 = icmp eq i32 %351, 83 br i1 %352, label %359, label %353 %361 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 4 %362 = tail call { i16*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i16* %361, i64 2, i64 %360) #6, !srcloc !21 %363 = extractvalue { i16*, i64, i64 } %362, 0 %364 = extractvalue { i16*, i64, i64 } %362, 1 %365 = extractvalue { i16*, i64, i64 } %362, 2 %366 = ptrtoint i16* %363 to i64 %367 = trunc i64 %364 to i16 %368 = and i64 %366, 4294967295 %369 = icmp eq i64 %368, 0 br i1 %369, label %370, label %593, !prof !9, !misexpect !10 %371 = tail call i8* @compat_alloc_user_space(i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load 
i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail 
call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label 
%1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %291 = inttoptr i64 %8 to %struct.compat_sock_fprog* %292 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, 
%struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 
br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %242 = inttoptr i64 %8 to %struct.exception_table_entry* %243 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 
%12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, 
i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %1201 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 19250, label %1199 i32 19301, label %1199 i32 21534, label %841 i32 21535, label %841 i32 -2147192821, label %1000 i32 1074032652, label %1000 i32 -2147192819, label %1000 i32 1074032654, label %1000 i32 -2146144484, label %1045 i32 1074294558, label %1156 i32 21541, label %1199 i32 21596, label %1199 i32 21518, label %1199 i32 2338, label %1199 i32 2344, label %1199 i32 2345, label %1199 i32 1074006315, label %1199 i32 19278, label %1199 i32 19247, label %1199 i32 19248, label %1199 i32 19258, label %1199 i32 19269, label %1199 i32 19299, label %1199 i32 -2147193597, label %665 i32 -2145620734, label %668 ] 
%197 = inttoptr i64 %8 to %struct.util_est* %198 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %20 = inttoptr i64 %8 to %struct.space_resv_32* %21 = tail call i8* @compat_alloc_user_space(i64 48) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_move_pages ------------- Path:  Function:__ia32_compat_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, 
i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %9 to i32* %21 = inttoptr i64 %12 to i32* %22 = inttoptr i64 %15 to i32* %23 = trunc i64 %17 to i32 %24 = shl nuw nsw i64 %6, 3 %25 = tail call i8* @compat_alloc_user_space(i64 %24) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 
%30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 %35 = bitcast i8* %34 to i64* %36 = lshr i64 %20, 6 %37 = getelementptr i64, i64* %35, i64 %36 %38 = select i1 %30, i64* null, i64* %37 %39 = call i64 @_copy_to_user(i8* %34, i8* nonnull %15, i64 %22) #69 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %64 %42 = phi i64* [ %38, %29 ], [ null, %1 ] %43 = phi i64* [ %35, %29 ], [ null, %1 ] %44 = icmp eq i64 %12, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %47 = call i64 @compat_get_bitmap(i64* nonnull %46, i32* nonnull %14, i64 %19) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %64 %50 = icmp eq i64* %42, null br i1 %50, label %51, label %54 %52 = call i8* @compat_alloc_user_space(i64 %22) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds 
%struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 %30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_mbind ------------- Path:  Function:__ia32_compat_sys_mbind %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = bitcast %struct.cpumask* %2 to i8* %21 = add i64 %16, 4294967295 %22 = and i64 %21, 4294967295 %23 = icmp ult i64 %22, 64 %24 = select i1 %23, i64 %22, i64 64 %25 = add nuw nsw i64 %24, 63 %26 = lshr i64 %25, 3 %27 = and i64 %26, 24 %28 = icmp eq i64 %14, 0 br i1 %28, label %39, label %29 %30 = inttoptr i64 %14 to i32* %31 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %32 = call i64 @compat_get_bitmap(i64* nonnull %31, i32* nonnull %30, i64 %24) #69 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %43 %35 = call i8* @compat_alloc_user_space(i64 %27) #69 ------------- Use: =BAD PATH= Call Stack: 0 
__ia32_compat_sys_set_mempolicy ------------- Path:  Function:__ia32_compat_sys_set_mempolicy %2 = alloca %struct.cpumask, align 8 %3 = alloca [1 x i64], align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %5 to i32 %12 = bitcast [1 x i64]* %3 to i8* %13 = add i64 %10, 4294967295 %14 = and i64 %13, 4294967295 %15 = icmp ult i64 %14, 64 %16 = select i1 %15, i64 %14, i64 64 %17 = add nuw nsw i64 %16, 63 %18 = lshr i64 %17, 3 %19 = and i64 %18, 24 %20 = icmp eq i64 %8, 0 br i1 %20, label %31, label %21 %22 = inttoptr i64 %8 to i32* %23 = getelementptr inbounds [1 x i64], [1 x i64]* %3, i64 0, i64 0 %24 = call i64 @compat_get_bitmap(i64* nonnull %23, i32* nonnull %22, i64 %16) #69 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %54 %27 = call i8* @compat_alloc_user_space(i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_mempolicy ------------- Path:  Function:__ia32_compat_sys_get_mempolicy %2 = alloca [1 x i64], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr 
i64 %5 to i32* %18 = inttoptr i64 %8 to i32* %19 = bitcast [1 x i64]* %2 to i8* %20 = add i64 %10, 4294967295 %21 = and i64 %20, 4294967295 %22 = load i32, i32* @nr_node_ids, align 4 %23 = sext i32 %22 to i64 %24 = icmp ult i64 %21, %23 %25 = select i1 %24, i64 %21, i64 %23 %26 = add nuw nsw i64 %25, 63 %27 = lshr i64 %26, 3 %28 = and i64 %27, 1073741816 %29 = icmp ne i64 %8, 0 br i1 %29, label %30, label %33 %31 = tail call i8* @compat_alloc_user_space(i64 %28) #69 ------------- Good: 3 Bad: 35 Ignored: 121 Check Use of Function:security_sb_pivotroot Check Use of Function:cgroup_kn_unlock Check Use of Function:strim Use: =BAD PATH= Call Stack: 0 tracing_clock_write ------------- Path:  Function:tracing_clock_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file.89922, %struct.file.89922* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.89575** %8 = load %struct.seq_file.89575*, %struct.seq_file.89575** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.89575, %struct.seq_file.89575* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %27, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %27 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call i8* @strim(i8* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 trace_set_options 1 tracing_trace_options_write ------------- Path:  Function:tracing_trace_options_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file.89922, %struct.file.89922* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.89575** %8 = load %struct.seq_file.89575*, %struct.seq_file.89575** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.89575, 
%struct.seq_file.89575* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %26, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %26 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call fastcc i32 @trace_set_options(%struct.trace_array* %11, i8* nonnull %12) #70 Function:trace_set_options %3 = tail call i64 @strlen(i8* %1) #69 %4 = tail call i8* @strim(i8* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca %struct.mmu_gather.146390, align 8 %7 = alloca i32, align 4 %8 = alloca %struct.kuid_t, align 4 %9 = alloca %struct.mm_walk.146388, align 8 %10 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %11 = bitcast %struct.mmu_gather.146390* %6 to i8* %12 = bitcast i32* %7 to i8* %13 = icmp ult i64 %2, 12 %14 = select i1 %13, i64 %2, i64 12 %15 = call i64 @_copy_from_user(i8* nonnull %10, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %111 %18 = call i8* @strim(i8* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 oom_score_adj_write ------------- Path:  Function:oom_score_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %27 %14 = call i8* @strim(i8* nonnull %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 oom_adj_write ------------- Path:  Function:oom_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca 
i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %35 %14 = call i8* @strim(i8* nonnull %7) #69 ------------- Good: 11 Bad: 5 Ignored: 17 Check Use of Function:aio_complete_rw Check Use of Function:cgroup_kn_lock_live Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_procs_write ------------- Path:  Function:cgroup1_procs_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.82664* %0, i8* %1, i64 %2, i1 zeroext true) #69 Function:__cgroup1_procs_write %5 = getelementptr inbounds %struct.kernfs_open_file.82664, %struct.kernfs_open_file.82664* %0, i64 0, i32 0 %6 = load %struct.kernfs_node.82669*, %struct.kernfs_node.82669** %5, align 8 %7 = tail call %struct.cgroup.82677* bitcast (%struct.cgroup.81698* (%struct.kernfs_node.81689*, i1)* @cgroup_kn_lock_live to %struct.cgroup.82677* (%struct.kernfs_node.82669*, i1)*)(%struct.kernfs_node.82669* %6, i1 zeroext false) #69 ------------- Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.82664* %0, i8* %1, i64 %2, i1 zeroext false) #69 Function:__cgroup1_procs_write %5 = getelementptr inbounds %struct.kernfs_open_file.82664, %struct.kernfs_open_file.82664* %0, i64 0, i32 0 %6 = load %struct.kernfs_node.82669*, %struct.kernfs_node.82669** %5, align 8 %7 = tail call %struct.cgroup.82677* bitcast (%struct.cgroup.81698* (%struct.kernfs_node.81689*, i1)* @cgroup_kn_lock_live to %struct.cgroup.82677* (%struct.kernfs_node.82669*, i1)*)(%struct.kernfs_node.82669* %6, i1 zeroext false) #69 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_mkdir ------------- Path:  Function:cgroup_mkdir %4 = alloca 
%struct.iattr.81377, align 8 %5 = tail call i8* @strchr(i8* %1, i32 10) #69 %6 = icmp eq i8* %5, null br i1 %6, label %7, label %352 %8 = tail call %struct.cgroup.81698* @cgroup_kn_lock_live(%struct.kernfs_node.81689* %0, i1 zeroext false) #69 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_rmdir ------------- Path:  Function:cgroup_rmdir %2 = tail call %struct.cgroup.81698* @cgroup_kn_lock_live(%struct.kernfs_node.81689* %0, i1 zeroext false) #69 ------------- Good: 1 Bad: 4 Ignored: 12 Check Use of Function:empty_dir_lookup Check Use of Function:max_swapfile_size Check Use of Function:save_stack_trace_tsk Check Use of Function:tty_kref_put Use: =BAD PATH= Call Stack: 0 proc_clear_tty 1 ksys_setsid 2 __x64_sys_setsid ------------- Path:  Function:__x64_sys_setsid %2 = tail call i32 @ksys_setsid() #69 Function:ksys_setsid %1 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %1, i64 0, i32 54 %3 = load %struct.task_struct.39605*, %struct.task_struct.39605** %2, align 16 %4 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %3, i64 0, i32 57 %5 = load %struct.pid.39326*, %struct.pid.39326** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.pid.45783*)* @pid_vnr to i32 (%struct.pid.39326*)*)(%struct.pid.39326* %5) #69 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %7 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %3, i64 0, i32 86 %8 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %7, align 64 %9 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %8, i64 0, i32 24 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %33 %13 
= tail call %struct.task_struct.39605* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @pid_task to %struct.task_struct.39605* (%struct.pid.39326*, i32)*)(%struct.pid.39326* %5, i32 2) #69 %14 = icmp eq %struct.task_struct.39605* %13, null br i1 %14, label %15, label %33 %16 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %7, align 64 %17 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %16, i64 0, i32 24 store i32 1, i32* %17, align 8 %18 = load %struct.task_struct.39605*, %struct.task_struct.39605** %2, align 16 %19 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %18, i64 0, i32 86 %20 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %19, align 64 %21 = getelementptr %struct.signal_struct.39514, %struct.signal_struct.39514* %20, i64 0, i32 22, i64 3 %22 = load %struct.pid.39326*, %struct.pid.39326** %21, align 8 %23 = icmp eq %struct.pid.39326* %22, %5 br i1 %23, label %26, label %24 tail call void bitcast (void (%struct.task_struct.46154*, i32, %struct.pid.45783*)* @change_pid to void (%struct.task_struct.39605*, i32, %struct.pid.39326*)*)(%struct.task_struct.39605* %18, i32 3, %struct.pid.39326* %5) #69 %25 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %19, align 64 br label %26 %27 = phi %struct.signal_struct.39514* [ %20, %15 ], [ %25, %24 ] %28 = getelementptr %struct.signal_struct.39514, %struct.signal_struct.39514* %27, i64 0, i32 22, i64 2 %29 = load %struct.pid.39326*, %struct.pid.39326** %28, align 8 %30 = icmp eq %struct.pid.39326* %29, %5 br i1 %30, label %32, label %31 tail call void bitcast (void (%struct.task_struct.316170*)* @proc_clear_tty to void (%struct.task_struct.39605*)*)(%struct.task_struct.39605* %3) #69 Function:proc_clear_tty %2 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %0, i64 0, i32 87 %3 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 8 %4 = 
getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %3, i64 0, i32 2, i32 0, i32 0 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %0, i64 0, i32 86 %7 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %6, align 64 %8 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %7, i64 0, i32 25 %9 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %8, align 8 store %struct.tty_struct.316116* null, %struct.tty_struct.316116** %8, align 8 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %5) #69 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_kref_put to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 
= getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds 
%struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq %struct.tty_struct.316116* %15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, 
i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 %32 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 13, i32 0, i32 0 %33 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %32) #69 %34 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 19 %35 = load %struct.pid.39326*, %struct.pid.39326** %34, align 8 %36 = icmp eq %struct.pid.39326* %35, null br i1 %36, label %37, label %38 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %33) #69 br label %44 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_kref_put to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca %struct.serial_icounter_struct, align 4 %5 = alloca i64, align 8 %6 = alloca i8, align 1 %7 = alloca i8, align 1 %8 = alloca [16 x i8], align 16 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.230612*, %struct.tty_struct.230612** %12, align 8 %14 = inttoptr i64 %2 to i8* %15 = getelementptr inbounds 
%struct.file.230059, %struct.file.230059* %0, i64 0, i32 2 %16 = load %struct.inode.230528*, %struct.inode.230528** %15, align 8 %17 = icmp eq %struct.tty_struct.230612* %13, null br i1 %17, label %18, label %24 %25 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = icmp eq i32 %26, 21505 br i1 %27, label %34, label %28 %35 = getelementptr inbounds %struct.tty_struct.230612, %struct.tty_struct.230612* %13, i64 0, i32 3 %36 = load %struct.tty_driver.230608*, %struct.tty_driver.230608** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.230608, %struct.tty_driver.230608* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %40, label %47 %48 = phi %struct.tty_struct.230612* [ %46, %44 ], [ %13, %40 ], [ %13, %34 ] switch i32 %1, label %371 [ i32 21539, label %49 i32 21543, label %49 i32 21544, label %49 i32 21513, label %49 i32 21541, label %49 i32 21522, label %63 i32 21523, label %98 i32 21524, label %106 i32 21533, label %137 i32 21537, label %156 i32 21516, label %177 i32 21517, label %180 i32 -2147199936, label %183 i32 21540, label %192 i32 21559, label %217 i32 -2147199950, label %220 i32 21525, label %272 i32 21528, label %287 i32 21527, label %287 i32 21526, label %287 i32 21597, label %321 i32 21515, label %341 i32 21535, label %343 i32 21569, label %367 ] %372 = tail call i64 bitcast (i64 (%struct.tty_struct.316116*, %struct.tty_struct.316116*, %struct.file.316014*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.230612*, %struct.tty_struct.230612*, %struct.file.230059*, i32, i64)*)(%struct.tty_struct.230612* nonnull %13, %struct.tty_struct.230612* %48, %struct.file.230059* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %208 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %99 i32 21520, label %121 i32 21545, label %187 ] %7 = tail call %struct.task_struct.316170* asm "movq 
%gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %7, i64 0, i32 86 %9 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %8, align 64 %10 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %9, i64 0, i32 25 %11 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %10, align 8 %12 = icmp eq %struct.tty_struct.316116* %11, %0 br i1 %12, label %13, label %208 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.316170* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.316170** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.316170**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 86 %4 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %4, i64 0, i32 24 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %126, label %8 %9 = getelementptr inbounds %struct.task_struct.316170, %struct.task_struct.316170* %2, i64 0, i32 87 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 2, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.316122*, %struct.signal_struct.316122** %3, align 64 %14 = getelementptr inbounds %struct.signal_struct.316122, %struct.signal_struct.316122* %13, i64 0, i32 25 %15 = load %struct.tty_struct.316116*, %struct.tty_struct.316116** %14, align 8 %16 = icmp eq 
%struct.tty_struct.316116* %15, null br i1 %16, label %19, label %17 %20 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 8 %21 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %20, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %12) #69 %22 = icmp eq i32 %0, 0 br i1 %16, label %45, label %23 br i1 %22, label %31, label %24 %25 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 3 %26 = load %struct.tty_driver.316112*, %struct.tty_driver.316112** %25, align 8 %27 = getelementptr inbounds %struct.tty_driver.316112, %struct.tty_driver.316112* %26, i64 0, i32 10 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, 4 br i1 %29, label %31, label %30 %32 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 13, i32 0, i32 0 %33 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %32) #69 %34 = getelementptr inbounds %struct.tty_struct.316116, %struct.tty_struct.316116* %15, i64 0, i32 19 %35 = load %struct.pid.39326*, %struct.pid.39326** %34, align 8 %36 = icmp eq %struct.pid.39326* %35, null br i1 %36, label %37, label %38 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %33) #69 br label %44 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_kref_put to void (%struct.tty_struct.316116*)*)(%struct.tty_struct.316116* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_open 1 uart_open ------------- Path:  Function:uart_open %3 = getelementptr inbounds %struct.tty_struct.320005, %struct.tty_struct.320005* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 0 %7 = tail call i32 bitcast (i32 (%struct.tty_port.315001*, %struct.tty_struct.314998*, %struct.file.314944*)* 
@tty_port_open to i32 (%struct.tty_port.319998*, %struct.tty_struct.320005*, %struct.file.319947*)*)(%struct.tty_port.319998* %6, %struct.tty_struct.320005* %0, %struct.file.319947* %1) #69 Function:tty_port_open %4 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 5 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %5) #69 %6 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = add i32 %7, 1 store i32 %8, i32* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %9, align 1 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 5, i32 0, i32 0 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %12 = getelementptr inbounds %struct.tty_port.315001, %struct.tty_port.315001* %0, i64 0, i32 1 %13 = load %struct.tty_struct.314998*, %struct.tty_struct.314998** %12, align 8 tail call void bitcast (void (%struct.tty_struct.230612*)* @tty_kref_put to void (%struct.tty_struct.314998*)*)(%struct.tty_struct.314998* %13) #69 ------------- Good: 21 Bad: 4 Ignored: 23 Check Use of Function:mutex_lock_killable Use: =BAD PATH= Call Stack: 0 mac_hid_toggle_emumouse ------------- Path:  Function:mac_hid_toggle_emumouse %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @mac_hid_emumouse_mutex) #69 ------------- Use: =BAD PATH= Call 
Stack: 0 lo_open ------------- Path:  Function:lo_open %3 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, 
label %484 i32 19465, label %484 ] %485 = and i32 %1, 2 %486 = icmp eq i32 %485, 0 br i1 %486, label %487, label %489 %490 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %485 = and i32 %1, 2 %486 = icmp eq i32 %485, 0 br i1 %486, label %487, label %489 %490 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label 
%21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %331 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load 
%struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %331 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, 
%struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %195 = trunc i64 %3 to i32 %196 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %195 = trunc i64 %3 to i32 %196 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to 
%struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %17 = trunc i64 %3 to i32 tail call void bitcast (void (%struct.module.39677*)* @__module_get to void (%struct.module.464189*)*)(%struct.module.464189* null) #69 %18 = tail call %struct.file.464164* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.464164* (i32)*)(i32 %17) #69 %19 = icmp eq %struct.file.464164* %18, null br i1 %19, label %192, label %20 %21 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca 
%struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %17 = trunc i64 %3 to i32 tail call void bitcast (void (%struct.module.39677*)* @__module_get to void (%struct.module.464189*)*)(%struct.module.464189* null) #69 %18 = tail call %struct.file.464164* bitcast (%struct.file.120508* (i32)* @fget to %struct.file.464164* (i32)*)(i32 %17) #69 %19 = icmp eq %struct.file.464164* %18, null br i1 %19, label %192, label %20 %21 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_set_status 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 
19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %458 = and i32 %1, 2 %459 = icmp eq i32 %458, 0 br i1 %459, label %460, label %462 %463 = bitcast %struct.loop_info64* %6 to i8* %464 = inttoptr i64 %3 to i8* %465 = call i64 @_copy_from_user(i8* nonnull %463, i8* %464, i64 232) #69 %466 = icmp eq i64 %465, 0 br i1 %466, label %467, label %469 %468 = call fastcc i32 @loop_set_status(%struct.loop_device* %15, %struct.loop_info64* nonnull %6) #69 Function:loop_set_status %3 = tail call %struct.task_struct.464098* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.464098** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.464098**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.464098, %struct.task_struct.464098* %3, i64 0, i32 78 %5 = load %struct.cred.463913*, 
%struct.cred.463913** %4, align 16 %6 = getelementptr inbounds %struct.cred.463913, %struct.cred.463913* %5, i64 0, i32 1, i32 0 %7 = load i32, i32* %6, align 4 %8 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_set_status 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %458 = and i32 %1, 2 %459 = icmp eq i32 %458, 0 br i1 %459, label %460, label %462 %463 = bitcast %struct.loop_info64* %6 to i8* %464 = inttoptr i64 %3 to i8* %465 = call i64 @_copy_from_user(i8* nonnull %463, i8* %464, i64 232) #69 %466 = icmp eq i64 %465, 0 br i1 %466, label %467, label %469 %468 = call fastcc i32 @loop_set_status(%struct.loop_device* %15, %struct.loop_info64* nonnull %6) #69 Function:loop_set_status %3 = tail call %struct.task_struct.464098* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.464098** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.464098**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.464098, %struct.task_struct.464098* %3, i64 0, 
i32 78 %5 = load %struct.cred.463913*, %struct.cred.463913** %4, align 16 %6 = getelementptr inbounds %struct.cred.463913, %struct.cred.463913* %5, i64 0, i32 1, i32 0 %7 = load i32, i32* %6, align 4 %8 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_get_status 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %8 = load %struct.gendisk.464051*, %struct.gendisk.464051** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.464044* %0, i32 %1, i32 %2, i64 %35) #70 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 
19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %472 = bitcast %struct.loop_info64* %5 to i8* %473 = icmp eq i64 %3, 0 br i1 %473, label %482, label %474 %475 = call fastcc i32 @loop_get_status(%struct.loop_device* %15, %struct.loop_info64* nonnull %5) #69 Function:loop_get_status %3 = alloca %struct.path.464161, align 8 %4 = alloca %struct.kstat, align 8 %5 = bitcast %struct.path.464161* %3 to i8* %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_get_status 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = getelementptr inbounds %struct.block_device.464044, %struct.block_device.464044* %0, i64 0, i32 16 %12 = load %struct.gendisk.464051*, %struct.gendisk.464051** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.464051, %struct.gendisk.464051* %12, i64 0, i32 11 %14 = bitcast i8** %13 to %struct.loop_device** %15 = load %struct.loop_device*, %struct.loop_device** %14, align 8 switch i32 %2, label %489 [ i32 19456, label %16 i32 19462, label %194 i32 19457, label %330 i32 19458, label %348 i32 19459, label %402 i32 19460, label %457 i32 19461, label %471 i32 19463, label %484 i32 19464, label %484 i32 19465, label %484 ] %472 = bitcast %struct.loop_info64* %5 to i8* %473 = icmp eq i64 %3, 0 br i1 %473, label %482, label %474 %475 = call fastcc i32 @loop_get_status(%struct.loop_device* %15, %struct.loop_info64* nonnull %5) #69 Function:loop_get_status %3 = alloca %struct.path.464161, align 8 %4 = alloca %struct.kstat, align 8 %5 = bitcast 
%struct.path.464161* %3 to i8* %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca %struct.loop_device*, align 8 %5 = alloca %struct.loop_device*, align 8 %6 = alloca %struct.loop_device*, align 8 %7 = alloca %struct.loop_device*, align 8 %8 = bitcast %struct.loop_device** %7 to i8* %9 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca %struct.loop_device*, align 8 %5 = alloca %struct.loop_device*, align 8 %6 = alloca %struct.loop_device*, align 8 %7 = alloca %struct.loop_device*, align 8 %8 = bitcast %struct.loop_device** %7 to i8* %9 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 environ_open ------------- Path:  Function:environ_open %3 = getelementptr %struct.inode.147380, %struct.inode.147380* %0, i64 -1, i32 40, i32 12, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.pid.147089** %5 = load %struct.pid.147089*, %struct.pid.147089** %4, align 8 %6 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.147271* %6, null br i1 %7, label %22, label %8 %9 = tail call %struct.mm_struct.147288* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*, i32)* @mm_access to %struct.mm_struct.147288* (%struct.task_struct.147271*, i32)*)(%struct.task_struct.147271* nonnull %6, i32 9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %4 = load %struct.signal_struct.39514*, 
%struct.signal_struct.39514** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %4, i64 0, i32 59 %6 = tail call i32 @mutex_lock_killable(%struct.mutex* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 auxv_open ------------- Path:  Function:auxv_open %3 = getelementptr %struct.inode.147380, %struct.inode.147380* %0, i64 -1, i32 40, i32 12, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.pid.147089** %5 = load %struct.pid.147089*, %struct.pid.147089** %4, align 8 %6 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.147271* %6, null br i1 %7, label %22, label %8 %9 = tail call %struct.mm_struct.147288* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*, i32)* @mm_access to %struct.mm_struct.147288* (%struct.task_struct.147271*, i32)*)(%struct.task_struct.147271* nonnull %6, i32 9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %4 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %4, i64 0, i32 59 %6 = tail call i32 @mutex_lock_killable(%struct.mutex* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 mem_open ------------- Path:  Function:mem_open %3 = getelementptr %struct.inode.147380, %struct.inode.147380* %0, i64 -1, i32 40, i32 12, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.pid.147089** %5 = load %struct.pid.147089*, %struct.pid.147089** %4, align 8 %6 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %5, i32 0) #69 %7 = icmp eq 
%struct.task_struct.147271* %6, null br i1 %7, label %22, label %8 %9 = tail call %struct.mm_struct.147288* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*, i32)* @mm_access to %struct.mm_struct.147288* (%struct.task_struct.147271*, i32)*)(%struct.task_struct.147271* nonnull %6, i32 10) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %4 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %4, i64 0, i32 59 %6 = tail call i32 @mutex_lock_killable(%struct.mutex* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_pid_attr_open ------------- Path:  Function:proc_pid_attr_open %3 = getelementptr inbounds %struct.file.147308, %struct.file.147308* %1, i64 0, i32 16 store i8* null, i8** %3, align 8 %4 = getelementptr %struct.inode.147380, %struct.inode.147380* %0, i64 -1, i32 40, i32 12, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.pid.147089** %6 = load %struct.pid.147089*, %struct.pid.147089** %5, align 8 %7 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %6, i32 0) #69 %8 = icmp eq %struct.task_struct.147271* %7, null br i1 %8, label %25, label %9 %10 = tail call %struct.mm_struct.147288* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*, i32)* @mm_access to %struct.mm_struct.147288* (%struct.task_struct.147271*, i32)*)(%struct.task_struct.147271* nonnull %7, i32 9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %4 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %4, i64 0, i32 59 %6 = tail call i32 
@mutex_lock_killable(%struct.mutex* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 pagemap_open ------------- Path:  Function:pagemap_open %3 = tail call %struct.mm_struct.146199* bitcast (%struct.mm_struct.147288* (%struct.inode.147380*, i32)* @proc_mem_open to %struct.mm_struct.146199* (%struct.inode.146364*, i32)*)(%struct.inode.146364* %0, i32 1) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.147380, %struct.inode.147380* %0, i64 -1, i32 40, i32 12, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.pid.147089** %5 = load %struct.pid.147089*, %struct.pid.147089** %4, align 8 %6 = tail call %struct.task_struct.147271* bitcast (%struct.task_struct.46154* (%struct.pid.45783*, i32)* @get_pid_task to %struct.task_struct.147271* (%struct.pid.147089*, i32)*)(%struct.pid.147089* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.147271* %6, null br i1 %7, label %22, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.147288* bitcast (%struct.mm_struct.39317* (%struct.task_struct.39605*, i32)* @mm_access to %struct.mm_struct.147288* (%struct.task_struct.147271*, i32)*)(%struct.task_struct.147271* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %0, i64 0, i32 86 %4 = load %struct.signal_struct.39514*, %struct.signal_struct.39514** %3, align 64 %5 = getelementptr inbounds %struct.signal_struct.39514, %struct.signal_struct.39514* %4, i64 0, i32 59 %6 = tail call i32 @mutex_lock_killable(%struct.mutex* %5) #69 ------------- Good: 22 Bad: 21 Ignored: 53 Check Use of Function:drm_pci_alloc Check Use of Function:disable_swap_slots_cache_lock Check Use of Function:lock_rename Check Use of Function:n_tty_open Check Use of Function:tty_unlock Check Use of Function:audit_seccomp_actions_logged Check Use of Function:rtc_set_time Check Use of Function:exit_swap_address_space Check Use of Function:xt_compat_unlock Check Use of Function:nfs_swap_deactivate 
Check Use of Function:reenable_swap_slots_cache_unlock Check Use of Function:_enable_swap_info Check Use of Function:try_to_unuse Check Use of Function:mmc_ioctl_cdrom_start_stop Check Use of Function:perf_event_set_output Check Use of Function:security_vm_enough_memory_mm Use: =BAD PATH= Call Stack: 0 __shmem_file_setup 1 shmem_zero_setup 2 mmap_zero ------------- Path:  Function:mmap_zero %3 = getelementptr inbounds %struct.vm_area_struct.323610, %struct.vm_area_struct.323610* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 bitcast (i32 (%struct.vm_area_struct.105211*)* @shmem_zero_setup to i32 (%struct.vm_area_struct.323610*)*)(%struct.vm_area_struct.323610* %1) #69 Function:shmem_zero_setup %2 = getelementptr inbounds %struct.vm_area_struct.105211, %struct.vm_area_struct.105211* %0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.vm_area_struct.105211, %struct.vm_area_struct.105211* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = sub i64 %3, %5 %7 = getelementptr inbounds %struct.vm_area_struct.105211, %struct.vm_area_struct.105211* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = load %struct.vfsmount.105193*, %struct.vfsmount.105193** @shm_mnt, align 8 %10 = tail call fastcc %struct.file.105197* @__shmem_file_setup(%struct.vfsmount.105193* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.3.11789, i64 0, i64 0), i64 %6, i64 %8, i32 512) #69 Function:__shmem_file_setup %6 = icmp ugt %struct.vfsmount.105193* %0, inttoptr (i64 -4096 to %struct.vfsmount.105193*) br i1 %6, label %7, label %9 %10 = icmp slt i64 %2, 0 br i1 %10, label %41, label %11 %12 = and i64 %3, 2097152 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %22 %15 = tail call %struct.task_struct.105104* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.105104** nonnull bitcast (%struct.task_struct.1872** @current_task to 
%struct.task_struct.105104**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.105104, %struct.task_struct.105104* %15, i64 0, i32 32 %17 = load %struct.mm_struct.105209*, %struct.mm_struct.105209** %16, align 32 %18 = add nuw i64 %2, 4095 %19 = ashr i64 %18, 12 %20 = tail call i32 bitcast (i32 (%struct.mm_struct.229228*, i64)* @security_vm_enough_memory_mm to i32 (%struct.mm_struct.105209*, i64)*)(%struct.mm_struct.105209* %17, i64 %19) #69 ------------- Good: 37 Bad: 1 Ignored: 59 Check Use of Function:read_iter_zero Check Use of Function:pipe_read Check Use of Function:generic_file_read_iter Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %4 = load %struct.file.133631*, %struct.file.133631** %3, align 8 %5 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %4, i64 0, i32 19 %6 = load %struct.address_space.133508*, %struct.address_space.133508** %5, align 8 %7 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %6, i64 0, i32 0 %8 = load %struct.inode.133641*, %struct.inode.133641** %7, align 8 %9 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.133611*, 
%struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 ------------- Good: 1 Bad: 1 Ignored: 2 Check Use of Function:rw_verify_area Use: =BAD PATH= Call Stack: 0 __se_sys_splice 1 __ia32_sys_splice ------------- Path:  Function:__ia32_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_splice(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %399, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %399, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.130191* %18 = icmp eq i64 %16, 0 br i1 %18, label %399, label %19 %20 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %394, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.130191* %28 = 
icmp eq i64 %26, 0 br i1 %28, label %394, label %29 %30 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %389, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.130282* bitcast (%struct.pipe_inode_info* (%struct.file.725*)* @get_pipe_info to %struct.pipe_inode_info.130282* (%struct.file.130191*)*)(%struct.file.130191* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.130282* bitcast (%struct.pipe_inode_info* (%struct.file.725*)* @get_pipe_info to %struct.pipe_inode_info.130282* (%struct.file.130191*)*)(%struct.file.130191* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.130282* %36, null %39 = icmp ne %struct.pipe_inode_info.130282* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %226 br i1 %38, label %227, label %292 %228 = icmp eq i64 %1, 0 br i1 %228, label %229, label %387 %230 = icmp eq i64 %3, 0 br i1 %230, label %239, label %231 %240 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 10 %241 = load i64, i64* %240, align 8 store i64 %241, i64* %7, align 8 br label %242 %243 = load i32, i32* %30, align 4 %244 = and i32 %243, 2 %245 = icmp eq i32 %244, 0 br i1 %245, label %387, label %246, !prof !4, !misexpect !5 %247 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 7 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 1024 %250 = icmp eq i32 %249, 0 br i1 %250, label %251, label %387, !prof !9, !misexpect !5 %252 = call i32 bitcast (i32 (i32, %struct.file.39652*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.130191*, i64*, i64)*)(i32 1, %struct.file.130191* nonnull %27, i64* nonnull %7, i64 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_splice 1 __x64_sys_splice ------------- Path:  Function:__x64_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_splice(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %399, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %399, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.130191* %18 = icmp eq i64 %16, 0 br i1 %18, label %399, label %19 %20 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %394, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.130191* %28 = icmp eq i64 %26, 0 br i1 %28, label %394, label %29 %30 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %389, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.130282* bitcast (%struct.pipe_inode_info* (%struct.file.725*)* @get_pipe_info to %struct.pipe_inode_info.130282* (%struct.file.130191*)*)(%struct.file.130191* nonnull %17) #69 %37 = tail call 
%struct.pipe_inode_info.130282* bitcast (%struct.pipe_inode_info* (%struct.file.725*)* @get_pipe_info to %struct.pipe_inode_info.130282* (%struct.file.130191*)*)(%struct.file.130191* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.130282* %36, null %39 = icmp ne %struct.pipe_inode_info.130282* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %226 br i1 %38, label %227, label %292 %228 = icmp eq i64 %1, 0 br i1 %228, label %229, label %387 %230 = icmp eq i64 %3, 0 br i1 %230, label %239, label %231 %240 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 10 %241 = load i64, i64* %240, align 8 store i64 %241, i64* %7, align 8 br label %242 %243 = load i32, i32* %30, align 4 %244 = and i32 %243, 2 %245 = icmp eq i32 %244, 0 br i1 %245, label %387, label %246, !prof !4, !misexpect !5 %247 = getelementptr inbounds %struct.file.130191, %struct.file.130191* %27, i64 0, i32 7 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 1024 %250 = icmp eq i32 %249, 0 br i1 %250, label %251, label %387, !prof !9, !misexpect !5 %252 = call i32 bitcast (i32 (i32, %struct.file.39652*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.130191*, i64*, i64)*)(i32 1, %struct.file.130191* nonnull %27, i64* nonnull %7, i64 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 __ia32_sys_pread64 ------------- Path:  Function:__ia32_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 
= bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.39652* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_read(%struct.file.39652* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 __x64_sys_pread64 ------------- Path:  Function:__x64_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* 
%8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.39652* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_read(%struct.file.39652* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 ksys_pread64 2 __ia32_compat_sys_x86_pread ------------- Path:  Function:__ia32_compat_sys_x86_pread %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pread64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pread64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.39652* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_read(%struct.file.39652* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_read %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %56, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %56, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp 
ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %56, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 __ia32_sys_pwrite64 ------------- Path:  Function:__ia32_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.39652* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_write(%struct.file.39652* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, 
!srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 __x64_sys_pwrite64 ------------- Path:  Function:__x64_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.39652* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_write(%struct.file.39652* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call 
%struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 ksys_pwrite64 2 __ia32_compat_sys_x86_pwrite ------------- Path:  Function:__ia32_compat_sys_x86_pwrite %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pwrite64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pwrite64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.39652* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %10, 
i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_write(%struct.file.39652* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.230059*, %struct.file.230059** @redirect, align 8 %6 = icmp eq %struct.file.230059* %5, null br i1 %6, label %11, label %7 %8 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %5, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %9 = getelementptr inbounds %struct.file.230059, %struct.file.230059* %5, i64 0, i32 10 %10 = tail call i64 bitcast (i64 (%struct.file.39652*, i8*, i64, i64*)* @vfs_write to i64 (%struct.file.230059*, i8*, i64, i64*)*)(%struct.file.230059* nonnull %5, i8* %1, i64 %2, i64* %9) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %74, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %74, label %12 %13 = tail call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %13, i64 0, i32 161, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %74, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.39652* %0, i64* %3, i64 %2) #69 ------------- Good: 41 Bad: 9 Ignored: 27 Check Use of Function:__sb_start_write Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct.100342, %struct.vm_area_struct.100342* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 19 %9 = load %struct.address_space.100583*, 
%struct.address_space.100583** %8, align 8 %10 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %9, i64 0, i32 8 %11 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %11, i64 0, i32 1 %13 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %12, align 8 %14 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %13, null br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 262144 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.100638*)*)(%struct.path.100638* %21) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* 
@__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = alloca i64, align 8 %4 = alloca %struct.page.100587*, align 8 %5 = alloca %struct.wait_page_queue, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %8 = load i64, i64* %7, align 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %668, label %10 %11 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %18 %19 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %20 = load %struct.file.100641*, %struct.file.100641** %19, align 8 %21 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 19 %22 = load %struct.address_space.100583*, %struct.address_space.100583** %21, align 8 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %22, i64 0, i32 0 %24 = load %struct.inode.100633*, %struct.inode.100633** %23, align 8 %25 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = trunc i32 %12 to i8 %28 = icmp sgt i8 %27, -1 %29 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = add i64 %8, -1 %32 = add i64 %31, %30 br i1 %28, label %63, label %33 %34 = bitcast i64* %3 to i8* %35 = ashr i64 %30, 12 store i64 %35, i64* %3, align 8 %36 = ashr i64 %32, 12 %37 = bitcast %struct.page.100587** %4 to i8* %38 = icmp slt i64 %32, %30 br i1 %38, label %61, label %39 br label %68 %69 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 7 %70 = load i32, i32* %69, 
align 8 %71 = and i32 %70, 262144 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %75 %74 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.100638*)*)(%struct.path.100638* %74) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 0 %4 = load %struct.file.133631*, %struct.file.133631** %3, align 8 %5 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %4, i64 0, i32 19 %6 = load %struct.address_space.133508*, %struct.address_space.133508** %5, align 8 %7 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %6, i64 0, i32 0 %8 = load 
%struct.inode.133641*, %struct.inode.133641** %7, align 8 %9 = getelementptr inbounds %struct.inode.133641, %struct.inode.133641* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.133611, %struct.kiocb.133611* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb.100573*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.133611*, %struct.iov_iter*)*)(%struct.kiocb.133611* %0, %struct.iov_iter* %1) #69 Function:generic_file_read_iter %3 = alloca i64, align 8 %4 = alloca %struct.page.100587*, align 8 %5 = alloca %struct.wait_page_queue, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %8 = load i64, i64* %7, align 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %668, label %10 %11 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 4 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %18 %19 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 0 %20 = load %struct.file.100641*, %struct.file.100641** %19, align 8 %21 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 19 %22 = load %struct.address_space.100583*, %struct.address_space.100583** %21, align 8 %23 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %22, i64 0, i32 0 %24 = load %struct.inode.100633*, %struct.inode.100633** %23, align 8 %25 = getelementptr inbounds %struct.inode.100633, %struct.inode.100633* 
%24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = trunc i32 %12 to i8 %28 = icmp sgt i8 %27, -1 %29 = getelementptr inbounds %struct.kiocb.100573, %struct.kiocb.100573* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = add i64 %8, -1 %32 = add i64 %31, %30 br i1 %28, label %63, label %33 %34 = bitcast i64* %3 to i8* %35 = ashr i64 %30, 12 store i64 %35, i64* %3, align 8 %36 = ashr i64 %32, 12 %37 = bitcast %struct.page.100587** %4 to i8* %38 = icmp slt i64 %32, %30 br i1 %38, label %61, label %39 br label %68 %69 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 7 %70 = load i32, i32* %69, align 8 %71 = and i32 %70, 262144 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %75 %74 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %20, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.100638*)*)(%struct.path.100638* %74) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, 
i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap ------------- Path:  Function:generic_file_mmap %3 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 19 %4 = load %struct.address_space.100583*, %struct.address_space.100583** %3, align 8 %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %4, i64 0, i32 8 %6 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %6, i64 0, i32 1 %8 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %7, align 8 %9 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.100638*)*)(%struct.path.100638* %16) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, 
%struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap ------------- Path:  Function:nfs_file_mmap %3 = getelementptr inbounds %struct.file.179124, %struct.file.179124* %0, i64 0, i32 2 %4 = load %struct.inode.179116*, %struct.inode.179116** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file.100641*, %struct.vm_area_struct.100342*)* @generic_file_mmap to i32 (%struct.file.179124*, %struct.vm_area_struct.179140*)*)(%struct.file.179124* %0, %struct.vm_area_struct.179140* %1) #69 Function:generic_file_mmap %3 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 19 %4 = load %struct.address_space.100583*, %struct.address_space.100583** %3, align 8 %5 = getelementptr inbounds %struct.address_space.100583, %struct.address_space.100583* %4, i64 0, i32 8 %6 = load %struct.address_space_operations.100582*, %struct.address_space_operations.100582** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations.100582, %struct.address_space_operations.100582* %6, i64 0, i32 1 %8 = load i32 (%struct.file.100641*, %struct.page.100587*)*, i32 (%struct.file.100641*, %struct.page.100587*)** %7, align 8 %9 = icmp eq i32 (%struct.file.100641*, %struct.page.100587*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file.100641, %struct.file.100641* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file.100641, 
%struct.file.100641* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.100638*)*)(%struct.path.100638* %16) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page.105052*, align 8 %4 = getelementptr inbounds %struct.kiocb.105171, %struct.kiocb.105171* %0, i64 0, i32 0 %5 = load %struct.file.105197*, %struct.file.105197** %4, align 8 %6 = getelementptr inbounds %struct.file.105197, %struct.file.105197* %5, i64 0, i32 2 %7 = load %struct.inode.105188*, %struct.inode.105188** %6, align 8 %8 = getelementptr inbounds %struct.inode.105188, %struct.inode.105188* %7, i64 0, i32 9 %9 = load %struct.address_space.105049*, %struct.address_space.105049** %8, align 8 %10 = getelementptr inbounds %struct.kiocb.105171, %struct.kiocb.105171* %0, i64 0, i32 1 %11 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 14 %14 = icmp eq i32 %13, 0 %15 = xor i1 %14, true %16 = zext i1 %15 to i32 %17 = load i64, i64* %10, align 8 %18 = ashr i64 %17, 12 %19 = and i64 %17, 4095 %20 = bitcast %struct.page.105052** %3 to i8* store %struct.page.105052* null, %struct.page.105052** %3, align 8 %21 = getelementptr inbounds %struct.inode.105188, %struct.inode.105188* %7, i64 0, i32 14 %22 = load i64, i64* %21, align 8 %23 = ashr i64 %22, 12 %24 = icmp ugt i64 %18, %23 br i1 %24, label %133, label %25 %26 = getelementptr inbounds %struct.address_space.105049, %struct.address_space.105049* %9, i64 0, i32 2, i32 0 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 br label %28 %29 = phi i64 [ %23, %25 ], [ %126, %123 ] %30 = phi i64 [ %22, %25 ], [ %125, %123 ] %31 = phi i64 [ %18, %25 ], [ %103, %123 ] %32 = phi i64 [ %19, %25 ], [ %104, %123 ] %33 = phi i64 [ 0, %25 ], [ %100, %123 ] %34 = icmp ne i64 %31, %29 %35 = and i64 %30, 4095 %36 = icmp ugt i64 %35, %32 %37 = or i1 %34, %36 br i1 %37, label %38, label %128 %39 = load %struct.address_space.105049*, %struct.address_space.105049** %8, align 8 %40 = getelementptr inbounds %struct.address_space.105049, %struct.address_space.105049* %39, i64 0, i32 11 %41 = load i32, i32* %40, align 4 %42 = call fastcc i32 @shmem_getpage_gfp(%struct.inode.105188* %7, i64 %31, %struct.page.105052** nonnull %3, i32 %16, i32 %41, %struct.vm_area_struct.105211* null, i32* null) #69 switch i32 %42, label %128 [ i32 0, label %43 i32 -22, label %133 ] %134 = phi i32 [ 0, %71 ], [ 0, %58 ], [ 0, %57 ], [ 0, %2 ], [ %129, %128 ], [ 0, %38 ] %135 = phi i64 [ %33, %71 ], [ %33, %58 ], [ %33, %57 ], [ 0, %2 ], [ %130, %128 ], [ %33, %38 ] %136 = phi i64 [ %32, %71 ], [ %32, %58 ], [ %32, %57 ], [ %19, %2 ], [ %131, %128 ], [ %32, %38 ] %137 = phi i64 [ %31, %71 ], [ %31, %58 ], [ %31, %57 ], [ %18, %2 ], [ %132, 
%128 ], [ %31, %38 ] %138 = shl i64 %137, 12 %139 = add i64 %138, %136 store i64 %139, i64* %10, align 8 %140 = getelementptr inbounds %struct.file.105197, %struct.file.105197* %5, i64 0, i32 7 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, 262144 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %146 %145 = getelementptr inbounds %struct.file.105197, %struct.file.105197* %5, i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.105194*)*)(%struct.path.105194* %145) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_mmap ------------- Path:  Function:shmem_mmap %3 = getelementptr inbounds %struct.file.105197, %struct.file.105197* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %8 = getelementptr inbounds %struct.file.105197, %struct.file.105197* %0, 
i64 0, i32 1 tail call void bitcast (void (%struct.path.126188*)* @touch_atime to void (%struct.path.105194*)*)(%struct.path.105194* %8) #69 Function:touch_atime %2 = alloca %struct.anon.48, align 8 %3 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 0 %4 = load %struct.vfsmount.126520*, %struct.vfsmount.126520** %3, align 8 %5 = getelementptr inbounds %struct.path.126188, %struct.path.126188* %0, i64 0, i32 1 %6 = load %struct.dentry.126524*, %struct.dentry.126524** %5, align 8 %7 = getelementptr inbounds %struct.dentry.126524, %struct.dentry.126524* %6, i64 0, i32 5 %8 = load %struct.inode.126536*, %struct.inode.126536** %7, align 8 %9 = bitcast %struct.anon.48* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.126188* %0, %struct.inode.126536* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.126536, %struct.inode.126536* %8, i64 0, i32 8 %13 = load %struct.super_block.126519*, %struct.super_block.126519** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.126519*, i32, i1)*)(%struct.super_block.126519* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_compat_sys_ftruncate ------------- Path:  Function:__ia32_compat_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.120716, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.120508* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 
= getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.120714*, %struct.dentry.120714** %16, align 8 %18 = getelementptr inbounds %struct.dentry.120714, %struct.dentry.120714* %17, i64 0, i32 5 %19 = load %struct.inode.120727*, %struct.inode.120727** %18, align 8 %20 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 2 %36 = load %struct.inode.120727*, %struct.inode.120727** %35, align 8 %37 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 8 %43 = load %struct.super_block.120709*, %struct.super_block.120709** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.120709*, i32, i1)*)(%struct.super_block.120709* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_sys_ftruncate ------------- Path:  Function:__ia32_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 
= load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.120716, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.120508* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.120714*, %struct.dentry.120714** %16, align 8 %18 = getelementptr inbounds %struct.dentry.120714, %struct.dentry.120714* %17, i64 0, i32 5 %19 = load %struct.inode.120727*, %struct.inode.120727** %18, align 8 %20 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 2 %36 = load %struct.inode.120727*, %struct.inode.120727** %35, align 8 %37 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds 
%struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 8 %43 = load %struct.super_block.120709*, %struct.super_block.120709** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.120709*, i32, i1)*)(%struct.super_block.120709* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __x64_sys_ftruncate ------------- Path:  Function:__x64_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 @do_sys_ftruncate(i32 %6, i64 %5, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.120716, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.120508* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.120714*, %struct.dentry.120714** %16, align 8 %18 = getelementptr inbounds %struct.dentry.120714, %struct.dentry.120714* %17, i64 0, i32 5 %19 = load %struct.inode.120727*, %struct.inode.120727** %18, align 8 %20 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = 
icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 2 %36 = load %struct.inode.120727*, %struct.inode.120727** %35, align 8 %37 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 8 %43 = load %struct.super_block.120709*, %struct.super_block.120709** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.120709*, i32, i1)*)(%struct.super_block.120709* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_compat_sys_x86_ftruncate64 ------------- Path:  Function:__ia32_compat_sys_x86_ftruncate64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = shl i64 %8, 32 %11 = or i64 %10, %6 %12 = tail call i64 @do_sys_ftruncate(i32 %9, i64 %11, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.120716, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.120508* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr 
inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.120714*, %struct.dentry.120714** %16, align 8 %18 = getelementptr inbounds %struct.dentry.120714, %struct.dentry.120714* %17, i64 0, i32 5 %19 = load %struct.inode.120727*, %struct.inode.120727** %18, align 8 %20 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.120508, %struct.file.120508* %9, i64 0, i32 2 %36 = load %struct.inode.120727*, %struct.inode.120727** %35, align 8 %37 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.120727, %struct.inode.120727* %19, i64 0, i32 8 %43 = load %struct.super_block.120709*, %struct.super_block.120709** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.120709*, i32, i1)*)(%struct.super_block.120709* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __ia32_sys_ioctl ------------- Path:  Function:__ia32_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.124588* %14 = icmp eq i64 %12, 0 br i1 %14, label %25, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %20 %19 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds 
%struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, -32768 br i1 %11, label %12, label %16 %13 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %14 = load %struct.super_block.39641*, %struct.super_block.39641** %13, align 8 %15 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.39641*, i32, i1)*)(%struct.super_block.39641* %14, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __x64_sys_ioctl ------------- Path:  Function:__x64_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = tail call i64 @__fdget(i32 %8) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.124588* %13 = icmp eq i64 %11, 0 br i1 %13, label %24, label %14 %15 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.124588*, i32, i64)*)(%struct.file.124588* nonnull %12, i32 %9, i64 %7) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %19 %18 = tail call i32 @do_vfs_ioctl(%struct.file.124588* nonnull %12, i32 %8, i32 %9, i64 %7) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, 
%struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, %struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, -32768 br i1 %11, label %12, label %16 %13 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %14 = load %struct.super_block.39641*, %struct.super_block.39641** %13, align 8 %15 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.39641*, i32, i1)*)(%struct.super_block.39641* %14, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.140166* %14 = icmp eq i64 %12, 0 br i1 %14, label %1213, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.229025*, i32, i64)* @security_file_ioctl to i32 (%struct.file.140166*, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %1208 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %1206 i32 1075876877, label %1206 i32 -1072131018, label %1206 i32 -1071618549, label %1206 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 2 %143 = load %struct.inode.140605*, %struct.inode.140605** %142, align 8 %144 = getelementptr inbounds %struct.inode.140605, %struct.inode.140605* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.140166, %struct.file.140166* %13, i64 0, i32 3 %150 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %150, i64 0, i32 10 %152 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %151, align 8 %153 = icmp eq i64 
(%struct.file.140166*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.140166* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %1208 %159 = load %struct.file_operations.140132*, %struct.file_operations.140132** %149, align 8 br label %160 %161 = phi %struct.file_operations.140132* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.140132, %struct.file_operations.140132* %161, i64 0, i32 9 %163 = load i64 (%struct.file.140166*, i32, i64)*, i64 (%struct.file.140166*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.140166*, i32, i64)* %163, null br i1 %164, label %1206, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 452 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 452 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [453 x i32], [453 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %1206, label %194 %1207 = tail call i32 bitcast (i32 (%struct.file.124588*, i32, i32, i64)* @do_vfs_ioctl to i32 (%struct.file.140166*, i32, i32, i64)*)(%struct.file.140166* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, 
align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 2 %12 = load %struct.inode.124752*, %struct.inode.124752** %11, align 8 switch i32 %2, label %294 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %220 i32 -1072131018, label %256 ] %221 = inttoptr i64 %3 to i8* %222 = bitcast %struct.sched_info* %6 to i8* %223 = call i64 @_copy_from_user(i8* nonnull %222, i8* %221, i64 32) #69 %224 = icmp eq i64 %223, 0 br i1 %224, label %225, label %253 %226 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %227 = load i64, i64* %226, align 8 %228 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %233 = load i64, i64* %232, align 8 %234 = trunc i64 %227 to i32 %235 = call i64 @__fdget(i32 %234) #69 %236 = and i64 %235, -4 %237 = inttoptr i64 %236 to %struct.file.124588* %238 = icmp eq i64 %236, 0 br i1 %238, label %253, label %239 %240 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %237, i64 0, i32 1, i32 0 %241 = load %struct.vfsmount*, %struct.vfsmount** %240, align 8 %242 = getelementptr inbounds %struct.file.124588, %struct.file.124588* %0, i64 0, i32 1, i32 0 %243 = load %struct.vfsmount*, %struct.vfsmount** %242, align 8 %244 = icmp eq %struct.vfsmount* %241, %243 br i1 %244, label %245, label %248 %246 = call i32 bitcast (i32 (%struct.file.39652*, i64, 
%struct.file.39652*, i64, i64)* @vfs_clone_file_range to i32 (%struct.file.124588*, i64, %struct.file.124588*, i64, i64)*)(%struct.file.124588* nonnull %237, i64 %229, %struct.file.124588* %0, i64 %233, i64 %231) #69 Function:vfs_clone_file_range %6 = getelementptr inbounds %struct.file.39652, %struct.file.39652* %2, i64 0, i32 2 %7 = load %struct.inode.39644*, %struct.inode.39644** %6, align 8 %8 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, -32768 br i1 %11, label %12, label %16 %13 = getelementptr inbounds %struct.inode.39644, %struct.inode.39644* %7, i64 0, i32 8 %14 = load %struct.super_block.39641*, %struct.super_block.39641** %13, align 8 %15 = tail call i32 bitcast (i32 (%struct.super_block.121910*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.39641*, i32, i1)*)(%struct.super_block.39641* %14, i32 1, i1 zeroext true) #69 ------------- Good: 44 Bad: 14 Ignored: 72 Check Use of Function:random_read_iter Check Use of Function:nfs_file_read Check Use of Function:shmem_file_read_iter Check Use of Function:security_inode_setxattr Check Use of Function:ext4_file_read_iter Check Use of Function:ip_tunnel_update Check Use of Function:devkmsg_write Check Use of Function:import_single_range Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = 
getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x 
i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %178 = zext i32 %92 to i64 %179 = inttoptr i64 %178 to i8* %180 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %181 = load i32, i32* %180, align 8 %182 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %183 = load i32, i32* %182, align 4 %184 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 4 %185 = load i32, i32* %184, align 16 %186 = zext i32 %185 to i64 %187 = inttoptr i64 %186 to %struct.sys_desc_table* %188 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 5 %189 = load i32, i32* %188, align 4 %190 = zext i32 %189 to i64 %191 = inttoptr i64 %190 to i32* %192 = zext i32 %181 to i64 %193 = or i32 %183, -2147483648 %194 = call i32 @__sys_recvfrom(i32 %90, i8* %179, i64 %192, i32 %193, 
%struct.sys_desc_table* %187, i32* %191) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recvfrom ------------- Path:  Function:__ia32_compat_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = or i32 %20, -2147483648 %24 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %23, %struct.sys_desc_table* %21, i32* %22) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 
= bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recv ------------- Path:  Function:__ia32_compat_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = or i32 %14, -2147483648 %16 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %15, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = 
getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %134 = trunc i64 %41 to i32 %135 = inttoptr i64 %43 to i8* %136 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %137 = load i64, i64* %136, align 16 %138 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %139 = load i64, i64* %138, align 8 %140 = trunc i64 %139 to i32 %141 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 4 %142 = bitcast i64* %141 to %struct.sys_desc_table** %143 = load %struct.sys_desc_table*, %struct.sys_desc_table** %142, align 16 %144 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 5 %145 = bitcast i64* %144 to i32** %146 = load i32*, i32** %145, align 8 %147 = call i32 @__sys_recvfrom(i32 %134, i8* %135, i64 %137, i32 %140, %struct.sys_desc_table* %143, i32* %146) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load 
i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 
16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %134 = trunc i64 %41 to i32 %135 = inttoptr i64 %43 to i8* %136 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %137 = load i64, i64* %136, align 16 %138 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %139 = load i64, i64* %138, align 8 %140 = trunc i64 %139 to i32 %141 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 4 %142 = bitcast i64* %141 to %struct.sys_desc_table** %143 = load %struct.sys_desc_table*, %struct.sys_desc_table** %142, align 16 %144 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 5 %145 = bitcast i64* %144 to i32** %146 = load i32*, i32** %145, align 8 %147 = call i32 @__sys_recvfrom(i32 %134, i8* %135, i64 %137, i32 %140, %struct.sys_desc_table* %143, i32* %146) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recv ------------- Path:  Function:__ia32_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recv ------------- Path:  Function:__x64_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_recvfrom(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca 
%struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recvfrom ------------- Path:  Function:__ia32_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %20, %struct.sys_desc_table* %21, i32* %22) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = 
call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recvfrom ------------- Path:  Function:__x64_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = bitcast i64* %14 to i32** %16 = load i32*, i32** %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %10 to i32 %19 = tail call i32 @__sys_recvfrom(i32 %17, i8* %6, i64 %8, i32 %18, %struct.sys_desc_table* %13, i32* %16) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca %struct.anon.48, align 8 %3 = alloca [6 x i64], align 16 %4 = alloca [6 x i32], align 16 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = bitcast [6 x i32]* %4 to i8* %11 = add i32 %9, -1 %12 = icmp ugt i32 %11, 19 br i1 %12, label %287, label %13 %14 = and i64 %6, 4294967295 %15 = and i64 %8, 4294967295 %16 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %14 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i64 %19 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 0 %20 = inttoptr i64 %15 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %10, i8* %20, i64 %18) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %287 %24 = lshr i8 %17, 2 %25 = zext i8 %24 to i32 %26 = bitcast [6 x i64]* %3 to i8* %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !4 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %24, 0 br i1 %36, label %83, label %37 %38 = zext i8 %24 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %45 store i64 
%49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %4, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %3, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %3, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %25, i64* nonnull %84) #69 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %19, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %9, label %284 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %274 ] %153 = zext i32 %92 to i64 %154 = inttoptr i64 %153 to i8* %155 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 2 %156 = load i32, i32* %155, align 8 %157 = zext i32 %156 to i64 %158 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 3 %159 = load i32, i32* %158, align 4 %160 = getelementptr inbounds [6 x i32], 
[6 x i32]* %4, i64 0, i64 4 %161 = load i32, i32* %160, align 16 %162 = zext i32 %161 to i64 %163 = inttoptr i64 %162 to %struct.sys_desc_table* %164 = getelementptr inbounds [6 x i32], [6 x i32]* %4, i64 0, i64 5 %165 = load i32, i32* %164, align 4 %166 = call i32 @__sys_sendto(i32 %90, i8* %154, i64 %157, i32 %159, %struct.sys_desc_table* %163, i32 %165) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 
%16 %18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %110 = trunc i64 %41 to i32 %111 = inttoptr i64 %43 to i8* %112 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %113 = load i64, i64* %112, align 16 %114 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %115 = load i64, i64* %114, align 8 %116 = trunc i64 %115 to i32 %117 = getelementptr inbounds 
[6 x i64], [6 x i64]* %6, i64 0, i64 4 %118 = bitcast i64* %117 to %struct.sys_desc_table** %119 = load %struct.sys_desc_table*, %struct.sys_desc_table** %118, align 16 %120 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 5 %121 = load i64, i64* %120, align 8 %122 = trunc i64 %121 to i32 %123 = call i32 @__sys_sendto(i32 %110, i8* %111, i64 %113, i32 %116, %struct.sys_desc_table* %119, i32 %122) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.48, align 8 %4 = alloca %struct.msghdr.230061, align 8 %5 = alloca %struct.msghdr.230061, align 8 %6 = alloca [6 x i64], align 16 %7 = trunc i64 %0 to i32 %8 = bitcast [6 x i64]* %6 to i8* %9 = add i32 %7, -1 %10 = icmp ugt i32 %9, 19 br i1 %10, label %340, label %11 %12 = and i64 %0, 4294967295 %13 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %12) #6, !srcloc !4 %14 = and i64 %13, %0 %15 = trunc i64 %14 to i32 %16 = and i64 %14, 4294967295 %17 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %16 
%18 = load i8, i8* %17, align 1 %19 = zext i8 %18 to i64 %20 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 0 %21 = inttoptr i64 %1 to i8* %22 = call i64 @_copy_from_user(i8* nonnull %8, i8* %21, i64 %19) #69 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %340 %25 = lshr i8 %18, 3 %26 = zext i8 %25 to i32 %27 = call %struct.task_struct.230652* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.230652** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.230652**)) #10, !srcloc !5 %28 = getelementptr inbounds %struct.task_struct.230652, %struct.task_struct.230652* %27, i64 0, i32 96 %29 = load %struct.audit_context.84791*, %struct.audit_context.84791** %28, align 32 %30 = icmp eq %struct.audit_context.84791* %29, null br i1 %30, label %40, label %31 %32 = bitcast %struct.audit_context.84791* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %40, !prof !6, !misexpect !7 %36 = call i32 @__audit_socketcall(i32 %26, i64* nonnull %20) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %41 = load i64, i64* %20, align 16 %42 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 1 %43 = load i64, i64* %42, align 8 switch i32 %15, label %337 [ i32 1, label %44 i32 2, label %51 i32 3, label %58 i32 4, label %65 i32 5, label %69 i32 6, label %76 i32 7, label %83 i32 8, label %90 i32 9, label %100 i32 11, label %109 i32 10, label %124 i32 12, label %133 i32 13, label %148 i32 14, label %186 i32 15, label %199 i32 16, label %212 i32 20, label %249 i32 17, label %259 i32 19, label %296 i32 18, label %327 ] %110 = trunc i64 %41 to i32 %111 = inttoptr i64 %43 to i8* %112 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 2 %113 = load i64, i64* %112, align 16 %114 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 3 %115 = load i64, i64* %114, align 8 %116 = trunc i64 %115 to i32 %117 = getelementptr inbounds [6 x 
i64], [6 x i64]* %6, i64 0, i64 4 %118 = bitcast i64* %117 to %struct.sys_desc_table** %119 = load %struct.sys_desc_table*, %struct.sys_desc_table** %118, align 16 %120 = getelementptr inbounds [6 x i64], [6 x i64]* %6, i64 0, i64 5 %121 = load i64, i64* %120, align 8 %122 = trunc i64 %121 to i32 %123 = call i32 @__sys_sendto(i32 %110, i8* %111, i64 %113, i32 %116, %struct.sys_desc_table* %119, i32 %122) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_send ------------- Path:  Function:__ia32_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_sendto(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32 0) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* 
%12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_send ------------- Path:  Function:__x64_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_sendto(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32 0) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_sendto ------------- Path:  Function:__ia32_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = 
and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = inttoptr i64 %6 to i8* %19 = trunc i64 %11 to i32 %20 = inttoptr i64 %14 to %struct.sys_desc_table* %21 = trunc i64 %16 to i32 %22 = tail call i32 @__sys_sendto(i32 %17, i8* %18, i64 %9, i32 %19, %struct.sys_desc_table* %20, i32 %21) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_sendto ------------- Path:  Function:__x64_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %10 to i32 %18 = trunc i64 %15 to i32 %19 = tail call i32 @__sys_sendto(i32 %16, i8* %6, i64 %8, i32 %17, %struct.sys_desc_table* %13, i32 %18) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.230061, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.230061* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, 
label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %6 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %10 to i32 %20 = trunc i64 %13 to i32 %21 = trunc i64 %16 to i32 switch i32 %17, label %95 [ i32 0, label %22 i32 1, label %24 i32 2, label %28 i32 3, label %31 i32 6, label %33 i32 7, label %36 i32 8, label %38 i32 9, label %40 i32 10, label %42 i32 11, label %46 i32 4, label %49 i32 5, label %51 i32 12, label %53 i32 13, label %56 i32 14, label %58 i32 15, label %60 i32 16, label %62 i32 17, label %64 i32 18, label %67 i32 19, label %69 i32 20, label %71 i32 21, label %89 i32 29, label %91 ] %54 = inttoptr i64 %11 to i8* %55 = tail call i64 @keyctl_instantiate_key(i32 %18, i8* %54, i64 %14, i32 %21) #69 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %11 = bitcast %struct.iovec* %5 to i8* %12 = bitcast %struct.iov_iter* %6 to i8* %13 = call i32 @import_single_range(i32 1, i8* nonnull %1, i64 %2, %struct.iovec* nonnull %5, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 
%11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %153 = trunc i64 %1 to i32 %154 = trunc i64 %4 to i32 %155 = icmp ne i64 %2, 0 %156 = icmp ne i64 %3, 0 %157 = and i1 %155, %156 br i1 %157, label %158, label %170 %159 = inttoptr i64 %2 to i8* %160 = bitcast %struct.iovec* %9 to i8* %161 = bitcast %struct.iov_iter* %10 to i8* %162 = call i32 @import_single_range(i32 1, i8* nonnull %159, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %253 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %245 i32 29, label %248 ] %153 = trunc i64 %1 to i32 %154 = trunc i64 %4 to i32 %155 = icmp ne i64 %2, 0 %156 = icmp ne i64 %3, 0 %157 = and i1 %155, %156 br i1 %157, label %158, label %170 %159 = inttoptr i64 %2 to i8* %160 = bitcast %struct.iovec* %9 to i8* %161 = bitcast %struct.iov_iter* %10 to i8* %162 = call i32 @import_single_range(i32 1, i8* nonnull %159, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #69 ------------- Good: 8 Bad: 23 Ignored: 9 Check Use of Function:random_write_iter Check Use of Function:perf_event_enable Check Use of Function:nfs_file_write Check Use of Function:slow_avc_audit Check Use of Function:sock_write_iter Check Use of Function:pipe_write Check Use of Function:ext4_file_write_iter Check Use of Function:blkdev_write_iter Check Use of Function:sb_set_blocksize Check Use of Function:fib_table_insert Check Use of Function:fib_new_table Check Use of Function:fib_table_delete Check Use of Function:xt_request_find_match Check Use of Function:n_null_open Check Use of Function:n_null_close Check Use of 
Function:serport_ldisc_close Check Use of Function:security_inode_getxattr Check Use of Function:tcf_block_find Check Use of Function:tty_ldisc_reinit Check Use of Function:tty_buffer_restart_work Check Use of Function:ldsem_up_write Check Use of Function:tty_ldisc_get Check Use of Function:ldsem_down_write Check Use of Function:static_key_slow_inc Check Use of Function:rt6_lookup Check Use of Function:dst_release Use: =BAD PATH= Call Stack: 0 rt6_remove_exception 1 rt6_remove_exception_rt 2 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1 %12 = bitcast %struct.dst_entry.684758* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.fib6_info.684763* %15 = load i32, i32* %6, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq i64 %13, 0 br i1 %25, label %43, label %26 %27 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = tail call fastcc i32 @rt6_remove_exception_rt(%struct.rt6_info.684760* nonnull %2) #69 Function:rt6_remove_exception_rt %2 = alloca %struct.anon.202, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 1 %5 = bitcast %struct.fib6_info.684763** %4 to i64* %6 = load 
volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.fib6_info.684763* %8 = icmp eq i64 %6, 0 br i1 %8, label %69, label %9 %10 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 16777216 %13 = icmp eq i32 %12, 0 br i1 %13, label %69, label %14 %15 = getelementptr inbounds %struct.fib6_info.684763, %struct.fib6_info.684763* %7, i64 0, i32 13 %16 = bitcast %struct.rt6_exception_bucket** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %69, label %19 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %20 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %15, align 8 %21 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0 %22 = icmp ne %struct.rt6_exception_bucket* %20, null %23 = icmp ne %struct.in6_addr* %21, null %24 = and i1 %23, %22 br i1 %24, label %25, label %67 %26 = bitcast %struct.anon.202* %2 to i8* %27 = bitcast %struct.in6_addr* %21 to i8* %28 = getelementptr inbounds %struct.anon.202, %struct.anon.202* %2, i64 0, i32 1 %29 = bitcast %struct.in6_addr* %28 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@rt6_remove_exception_rt, %30)) #6 to label %35 [label %30], !srcloc !4 %36 = call i64 @__siphash_unaligned(i8* nonnull %26, i64 32, %struct.siphash_key_t* nonnull @rt6_exception_hash.rt6_exception_key) #69 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 54 %39 = 
getelementptr %struct.rt6_exception_bucket, %struct.rt6_exception_bucket* %20, i64 %38 %40 = bitcast %struct.rt6_exception_bucket* %39 to %struct.rt6_exception** %41 = load %struct.rt6_exception*, %struct.rt6_exception** %40, align 8 %42 = icmp eq %struct.rt6_exception* %41, null br i1 %42, label %67, label %43 %44 = bitcast %struct.in6_addr* %21 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr %struct.rt6_info.684760, %struct.rt6_info.684760* %0, i64 0, i32 2, i32 0, i32 0, i32 0, i64 2 %47 = bitcast i32* %46 to i64* %48 = load i64, i64* %47, align 8 br label %49 %50 = phi %struct.rt6_exception* [ %41, %43 ], [ %64, %62 ] %51 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %50, i64 0, i32 1 %52 = load %struct.rt6_info.684760*, %struct.rt6_info.684760** %51, align 8 %53 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %52, i64 0, i32 2, i32 0 %54 = bitcast %struct.in6_addr* %53 to i64* %55 = load i64, i64* %54, align 8 %56 = getelementptr %struct.rt6_info.684760, %struct.rt6_info.684760* %52, i64 0, i32 2, i32 0, i32 0, i32 0, i64 2 %57 = bitcast i32* %56 to i64* %58 = load i64, i64* %57, align 8 %59 = icmp eq i64 %45, %55 %60 = icmp eq i64 %48, %58 %61 = and i1 %59, %60 br i1 %61, label %66, label %62 call fastcc void @rt6_remove_exception(%struct.rt6_exception_bucket* %39, %struct.rt6_exception* nonnull %50) #70 Function:rt6_remove_exception %3 = icmp ne %struct.rt6_exception_bucket* %0, null %4 = icmp ne %struct.rt6_exception* %1, null %5 = and i1 %3, %4 br i1 %5, label %6, label %53 %7 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 1 %8 = load %struct.rt6_info.684760*, %struct.rt6_info.684760** %7, align 8 %9 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %8, i64 0, i32 0, i32 0 %10 = load %struct.net_device.684854*, %struct.net_device.684854** %9, align 8 %11 = getelementptr inbounds %struct.net_device.684854, 
%struct.net_device.684854* %10, i64 0, i32 107, i32 0 %12 = load %struct.net.684933*, %struct.net.684933** %11, align 8 %13 = getelementptr inbounds %struct.net.684933, %struct.net.684933* %12, i64 0, i32 34, i32 13 %14 = load %struct.rt6_statistics*, %struct.rt6_statistics** %13, align 8 %15 = getelementptr inbounds %struct.rt6_statistics, %struct.rt6_statistics* %14, i64 0, i32 3 %16 = load i32, i32* %15, align 4 %17 = add i32 %16, -1 store i32 %17, i32* %15, align 4 %18 = load %struct.rt6_info.684760*, %struct.rt6_info.684760** %7, align 8 %19 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %18, i64 0, i32 1 %20 = tail call %struct.fib6_info.684763* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.fib6_info.684763** %19, %struct.fib6_info.684763* null, %struct.fib6_info.684763** %19) #6, !srcloc !4 %21 = icmp eq %struct.fib6_info.684763* %20, null br i1 %21, label %29, label %22 %30 = load %struct.rt6_info.684760*, %struct.rt6_info.684760** %7, align 8 %31 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %30, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.684758*)*)(%struct.dst_entry.684758* %31) #69 %32 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 0 %33 = load %struct.hlist_node*, %struct.hlist_node** %32, align 8 %34 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 1 %35 = load %struct.hlist_node**, %struct.hlist_node*** %34, align 8 %36 = ptrtoint %struct.hlist_node* %33 to i64 %37 = bitcast %struct.hlist_node** %35 to i64* store volatile i64 %36, i64* %37, align 8 %38 = icmp eq %struct.hlist_node* %33, null br i1 %38, label %41, label %39 store %struct.hlist_node** inttoptr (i64 -2401263026318605824 to %struct.hlist_node**), %struct.hlist_node*** %34, align 8 %42 = load %struct.rt6_info.684760*, 
%struct.rt6_info.684760** %7, align 8 %43 = getelementptr inbounds %struct.rt6_info.684760, %struct.rt6_info.684760* %42, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.684758*)*)(%struct.dst_entry.684758* %43) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = bitcast %struct.dst_entry.684758* %0 to %struct.rt6_info.684760* %3 = icmp eq %struct.dst_entry.684758* %0, null br i1 %3, label %46, label %4 %5 = getelementptr inbounds %struct.dst_entry.684758, %struct.dst_entry.684758* %0, i64 1, i32 13 %6 = bitcast i64* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 16777216 %9 = icmp eq i32 %8, 0 br i1 %9, label %45, label %10 tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.684758*)*)(%struct.dst_entry.684758* nonnull %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc 
void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 
8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 
Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, 
align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = 
getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu 
to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* 
blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 
call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh.631326, %struct.fib_nh.631326* %0, i64 0, i32 13 %14 = load %struct.fnhe_hash_bucket.631325*, %struct.fnhe_hash_bucket.631325** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.631324* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.631324* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.631324* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.631324* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.631324** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.631324* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast 
%struct.fib_nh_exception.631324** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.631321** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.631321* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 br label %42 %43 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 8 %44 = bitcast %struct.rtable.631321** %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %50, label %47 %48 = inttoptr i64 %45 to %struct.rtable.631321* store volatile i64 0, i64* %44, align 8 %49 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %48, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %49) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %49) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, 
i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = 
getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds 
%struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, 
i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br 
label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = 
bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, 
%struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 
%25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, 
%99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = 
getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] 
%110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* 
%142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh.631326, %struct.fib_nh.631326* %0, i64 0, i32 13 %14 = load %struct.fnhe_hash_bucket.631325*, %struct.fnhe_hash_bucket.631325** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.631324* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = 
icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.631324* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.631324* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.631324* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.631324** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.631324* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.631324** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.631321** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.631321* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void 
(%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 br label %42 %43 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 8 %44 = bitcast %struct.rtable.631321** %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %50, label %47 %48 = inttoptr i64 %45 to %struct.rtable.631321* store volatile i64 0, i64* %44, align 8 %49 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %48, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %49) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %49) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %3 = icmp eq %struct.dst_entry.631314* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.631314, %struct.dst_entry.631314* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2200 %3 = bitcast i8* %2 to %struct.net_device.657285** store %struct.net_device.657285* %0, %struct.net_device.657285** %3, align 8 %4 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.657195** %4 to i64* 
%6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2264 %10 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.657285* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2312 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %51, label %8 %9 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2208 %10 = bitcast i8* %9 to %struct.net.657195** %11 = load %struct.net.657195*, %struct.net.657195** %10, align 8 %12 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2308 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2297 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %0, i64 0, i32 0, i64 2280 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, 
align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 0, i8* %27, align 1 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %31, align 4 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %32, align 8 %33 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %34 = bitcast %struct.kuid_t* %33 to %struct.nlattr* %35 = bitcast %struct.kuid_t* %33 to i16* store i16 0, i16* %35, align 8 %36 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %34, i64 0, i32 1 store i16 0, i16* %36, align 2 %37 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %11, %struct.flowi4* nonnull %2, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = 
icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 %45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 
= and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to 
%struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br 
label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 
%125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} 
\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh.631326, %struct.fib_nh.631326* %0, i64 0, i32 13 %14 = load %struct.fnhe_hash_bucket.631325*, %struct.fnhe_hash_bucket.631325** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.631324* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.631324* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.631324* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 br label %28 %29 = phi 
%struct.fib_nh_exception.631324* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.631324** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.631324* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.631324** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.631321** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.631321* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 31 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 38 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 33 
%14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 39 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 7 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %467, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.657300*, i32)*)(%struct.sk_buff.657300* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %467, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %467 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2297 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2302 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2312 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.657285, %struct.net_device.657285* 
%1, i64 0, i32 0, i64 2324 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %126, label %86 %87 = getelementptr inbounds %struct.sk_buff.657300, %struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.657093* %91 = icmp eq i64 %89, 0 br i1 %91, label %461, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %90, i64 0, i32 1 %95 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %95, i64 0, i32 14 %97 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.657069* %97(%struct.dst_entry.657093* nonnull %90, %struct.sk_buff.657300* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.657069* %98, inttoptr (i64 -4096 to %struct.neighbour.657069*) %100 = icmp eq %struct.neighbour.657069* %98, null %101 = or i1 %99, %100 br i1 %101, label %461, label %102 %103 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 23 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, 
%struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %98, i64 0, i32 6, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !7 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %98) #69 br label %125 br i1 %119, label %461, label %126 %127 = phi i32 [ %68, %80 ], [ %118, %125 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %186 %130 = getelementptr inbounds i8, i8* %59, i64 24 %131 = bitcast i8* %130 to i16* %132 = load i16, i16* %131, align 4 %133 = icmp eq i16 %132, 544 br i1 %133, label %134, label %139 %135 = getelementptr i8, i8* %130, i64 2 %136 = bitcast i8* %135 to i32* %137 = load i32, i32* %136, align 2 %138 = icmp eq i32 %137, 0 br i1 %138, label %139, label %186 %140 = getelementptr inbounds %struct.sk_buff.657300, 
%struct.sk_buff.657300* %0, i64 0, i32 4, i32 0, i32 0 %141 = load i64, i64* %140, align 8 %142 = and i64 %141, -2 %143 = inttoptr i64 %142 to %struct.dst_entry.657093* %144 = icmp eq i64 %142, 0 br i1 %144, label %461, label %145 %146 = getelementptr inbounds %struct.dst_entry.657093, %struct.dst_entry.657093* %143, i64 0, i32 1 %147 = load %struct.dst_ops.657070*, %struct.dst_ops.657070** %146, align 8 %148 = getelementptr inbounds %struct.dst_ops.657070, %struct.dst_ops.657070* %147, i64 0, i32 14 %149 = load %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)*, %struct.neighbour.657069* (%struct.dst_entry.657093*, %struct.sk_buff.657300*, i8*)** %148, align 8 %150 = tail call %struct.neighbour.657069* %149(%struct.dst_entry.657093* nonnull %143, %struct.sk_buff.657300* null, i8* %130) #69 %151 = icmp ugt %struct.neighbour.657069* %150, inttoptr (i64 -4096 to %struct.neighbour.657069*) %152 = icmp eq %struct.neighbour.657069* %150, null %153 = or i1 %151, %152 br i1 %153, label %461, label %154 %155 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 23 %156 = bitcast [0 x i8]* %155 to %struct.in6_addr* %157 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %156) #69 %158 = and i32 %157, 65535 %159 = icmp eq i32 %158, 0 br i1 %159, label %160, label %169 %161 = load i8*, i8** %11, align 8 %162 = load i16, i16* %13, align 4 %163 = zext i16 %162 to i64 %164 = getelementptr i8, i8* %161, i64 %163 %165 = getelementptr inbounds i8, i8* %164, i64 24 %166 = bitcast i8* %165 to %struct.in6_addr* %167 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %166) #69 %168 = and i32 %167, 65535 br label %169 %170 = phi %struct.in6_addr* [ %166, %160 ], [ %156, %154 ] %171 = phi i32 [ %168, %160 ], [ %158, %154 ] %172 = trunc i32 %171 to i8 %173 = icmp sgt i8 %172, -1 br i1 %173, label %177, label %174 %175 = getelementptr %struct.in6_addr, %struct.in6_addr* %170, i64 0, i32 0, i32 0, i64 3 %176 = load 
i32, i32* %175, align 4 br label %177 %178 = phi i32 [ %176, %174 ], [ 0, %169 ] %179 = phi i1 [ false, %174 ], [ true, %169 ] %180 = getelementptr inbounds %struct.neighbour.657069, %struct.neighbour.657069* %150, i64 0, i32 6, i32 0, i32 0 %181 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %180, i32* %180) #6, !srcloc !7 %182 = and i8 %181, 1 %183 = icmp eq i8 %182, 0 br i1 %183, label %185, label %184 tail call void bitcast (void (%struct.neighbour.588877*)* @neigh_destroy to void (%struct.neighbour.657069*)*)(%struct.neighbour.657069* nonnull %150) #69 br label %185 br i1 %179, label %461, label %186 %187 = phi i32 [ %137, %134 ], [ %178, %185 ], [ %127, %126 ] %188 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2280 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 8 %191 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2360 %192 = bitcast i8* %191 to i32* %193 = load i32, i32* %192, align 8 %194 = and i8 %81, 30 %195 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2308 %196 = bitcast i8* %195 to i32* %197 = load i32, i32* %196, align 4 %198 = getelementptr %struct.net_device.657285, %struct.net_device.657285* %1, i64 0, i32 0, i64 2208 %199 = bitcast i8* %198 to %struct.net.657195** %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %190, 
i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %193, i32* %202, align 8 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %194, i8* %203, align 4 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %205, align 2 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 store i8 0, i8* %206, align 1 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 7 store i32 0, i32* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 8, i32 0 store i64 0, i64* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 9, i32 0 store i32 0, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %187, i32* %210, align 4 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %197, i32* %211, align 8 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %213 = bitcast %struct.kuid_t* %212 to %struct.nlattr* %214 = bitcast %struct.kuid_t* %212 to i16* store i16 0, i16* %214, align 8 %215 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %213, i64 0, i32 1 store i16 0, i16* %215, align 2 %216 = load %struct.net.657195*, %struct.net.657195** %199, align 8 %217 = call %struct.rtable.657302* bitcast (%struct.rtable.631321* (%struct.net.630923*, %struct.flowi4*, %struct.sock.631192*)* @ip_route_output_flow to %struct.rtable.657302* (%struct.net.657195*, %struct.flowi4*, %struct.sock.657100*)*)(%struct.net.657195* %216, %struct.flowi4* 
nonnull %3, %struct.sock.657100* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.631327, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.631327* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.631321* @ip_route_output_key_hash_rcu(%struct.net.630923* %0, %struct.flowi4* %1, %struct.fib_result.631327* nonnull %4, %struct.sk_buff.631221* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %43, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 %15 = and i32 %8, 255 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %194, label %18 %19 = icmp eq i32 %6, 0 br i1 %19, label %20, label %33 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 240 %24 = icmp eq i32 %23, 224 %25 = icmp eq i32 %22, -1 %26 = or i1 %25, %24 br i1 %26, label %27, label %33 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %35 = load i8, i8* %34, align 1 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %43 %44 = phi i32 [ %6, %4 ], [ %42, %41 ], [ %6, %33 ] %45 = icmp eq i32 %44, 0 br i1 
%45, label %90, label %46 %47 = tail call %struct.net_device.631313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i32)* @dev_get_by_index_rcu to %struct.net_device.631313* (%struct.net.630923*, i32)*)(%struct.net.630923* %0, i32 %44) #69 %48 = icmp eq %struct.net_device.631313* %47, null br i1 %48, label %194, label %49 %50 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 34 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %194, label %54 %55 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %47, i64 0, i32 67 %56 = bitcast %struct.in_device.631272** %55 to i64* %57 = load volatile i64, i64* %56, align 8 %58 = icmp eq i64 %57, 0 br i1 %58, label %194, label %59 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %61 = load i32, i32* %60, align 4 %62 = and i32 %61, 16777215 %63 = icmp eq i32 %62, 224 %64 = icmp eq i32 %61, -1 %65 = or i1 %64, %63 br i1 %65, label %70, label %66 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 2 %69 = icmp eq i8 %68, 2 br i1 %69, label %70, label %75 %71 = load i32, i32* %7, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %189 %190 = phi i32 [ 0, %30 ], [ %6, %70 ], [ %6, %73 ], [ %6, %147 ], [ %178, %169 ], [ %6, %181 ], [ %6, %99 ] %191 = phi i32 [ 0, %30 ], [ 0, %70 ], [ 0, %73 ], [ 0, %147 ], [ -2147483648, %169 ], [ 0, %181 ], [ -2147483648, %99 ] %192 = phi %struct.net_device.631313* [ %28, %30 ], [ %47, %70 ], [ %47, %73 ], [ %91, %147 ], [ %173, %169 ], [ %188, %181 ], [ %101, %99 ] %193 = tail call fastcc %struct.rtable.631321* @__mkroute_output(%struct.fib_result.631327* %2, %struct.flowi4* %1, i32 %190, %struct.net_device.631313* %192, i32 %191) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, 
i64 0, i32 6 %8 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.631272** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.631272* %16 = icmp eq i64 %14, 0 br i1 %16, label %304, label %17 %18 = getelementptr inbounds %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 0 %19 = load %struct.net_device.631313*, %struct.net_device.631313** %18, align 8 %20 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.630923*, %struct.net.630923** %20, align 8 %22 = getelementptr inbounds %struct.net.630923, %struct.net.630923* %21, i64 0, i32 33, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.631272, %struct.in_device.631272* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 35 %43 = 
load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %304, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.631313, %struct.net_device.631313* %3, i64 0, i32 34 br label %70 %71 = phi i32 [ %4, %55 ], [ %65, %60 ] %72 = phi i32* [ %56, %55 ], [ %61, %60 ] %73 = or i32 %71, -1610612736 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %75 = load i32, i32* %74, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %77 = load i8, i8* %76, align 2 %78 = tail call i32 bitcast (i32 (%struct.in_device.652711*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.631272*, i32, i32, i8)*)(%struct.in_device.631272* nonnull %15, i32 %48, i32 %75, i8 zeroext %77) #69 %79 = icmp eq i32 %78, 0 %80 = and i32 %73, 2147483647 %81 = select i1 %79, i32 %80, i32 %73 %82 = icmp eq %struct.fib_info.631323* %8, null br i1 %82, label %217, label %83 %84 = getelementptr inbounds %struct.fib_result.631327, %struct.fib_result.631327* %0, i64 0, i32 1 %85 = load i8, i8* %84, align 4 %86 = icmp ult i8 %85, 4 br i1 %86, label %217, label %87 %88 = zext i1 %79 to i32 %89 = zext i1 %79 to i8 %90 = load %struct.fib_info.631323*, %struct.fib_info.631323** %7, align 8 %91 = load i32, i32* %47, align 4 br label %107 %108 = phi i32 [ %91, %87 ], [ %48, %101 ] %109 = phi %struct.fib_info.631323* [ %90, %87 ], [ %8, %101 ] %110 = phi i8 [ %89, %87 ], [ %106, %101 ] %111 = phi i32 [ %88, %87 ], [ %105, %101 ] %112 = phi i32 [ %81, %87 ], [ %65, %101 ] %113 = phi i16 [ 5, %87 ], [ %11, %101 ] %114 = phi i32* [ %72, %87 ], [ %61, %101 ] %115 = icmp eq i32 %111, 0 %116 = getelementptr inbounds %struct.fib_result.631327, 
%struct.fib_result.631327* %0, i64 0, i32 2 %117 = load i8, i8* %116, align 1 %118 = zext i8 %117 to i64 %119 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118 %120 = getelementptr %struct.fib_info.631323, %struct.fib_info.631323* %109, i64 0, i32 16, i64 %118, i32 13 %121 = bitcast %struct.fnhe_hash_bucket.631325** %120 to i64* %122 = load volatile i64, i64* %121, align 8 %123 = icmp eq i64 %122, 0 br i1 %123, label %159, label %124 %125 = inttoptr i64 %122 to %struct.fnhe_hash_bucket.631325* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %126)) #6 to label %131 [label %126], !srcloc !6 %132 = call i64 @siphash_1u32(i32 %108, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %133 = mul i64 %132, 7046029254386353131 %134 = lshr i64 %133, 53 %135 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %125, i64 %134, i32 0 %136 = bitcast %struct.fib_nh_exception.631324** %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = icmp eq i64 %137, 0 br i1 %138, label %159, label %139 %140 = phi i64 [ %157, %155 ], [ %137, %131 ] %141 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %142 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %141, i64 0, i32 2 %143 = load i32, i32* %142, align 4 %144 = icmp eq i32 %143, %108 br i1 %144, label %145, label %155 %146 = inttoptr i64 %140 to %struct.fib_nh_exception.631324* %147 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %146, i64 0, i32 6 %148 = load i64, i64* %147, align 8 %149 = 
icmp eq i64 %148, 0 br i1 %149, label %159, label %150 %151 = load volatile i64, i64* @jiffies, align 64 %152 = sub i64 %148, %151 %153 = icmp slt i64 %152, 0 br i1 %153, label %154, label %159 call fastcc void @ip_del_fnhe(%struct.fib_nh.631326* %119, i32 %108) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.task_cputime* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh.631326, %struct.fib_nh.631326* %0, i64 0, i32 13 %14 = load %struct.fnhe_hash_bucket.631325*, %struct.fnhe_hash_bucket.631325** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.631325, %struct.fnhe_hash_bucket.631325* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.631324*, %struct.fib_nh_exception.631324** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.631324* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.631324* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.631324*, 
%struct.fib_nh_exception.631324** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.631324* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %53, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.631324* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.631324** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.631324* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.631324** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.631324, %struct.fib_nh_exception.631324* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.631321** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.631321* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.590803*)* @dst_dev_put to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* %41) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.631314* %0 to %struct.rtable.631321* %3 = icmp eq %struct.dst_entry.631314* %0, null br i1 %3, 
label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.631314, %struct.dst_entry.631314* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 %10 = getelementptr inbounds %struct.rtable.631321, %struct.rtable.631321* %2, i64 0, i32 2 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 262144 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.dst_entry.631314, %struct.dst_entry.631314* %0, i64 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.631314*)*)(%struct.dst_entry.631314* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, 
align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.224955* (i32, i32, i32, i32)*)(i32 32, i32 6291648, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.224955* %26, null br i1 %27, label %56, label %28 %29 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %56 %36 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @skb_put to i8* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 
@__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %56, label %44 %45 = call %struct.sock.224990* @netlink_getsockbyfilp(%struct.file.225184* nonnull %42) #69 %46 = and i64 %40, 1 %47 = icmp eq i64 %46, 0 br i1 %47, label %49, label %48 %50 = icmp ugt %struct.sock.224990* %45, inttoptr (i64 -4096 to %struct.sock.224990*) br i1 %50, label %51, label %54 store i64 9223372036854775807, i64* %3, align 8 %55 = call i32 @netlink_attachskb(%struct.sock.224990* %45, %struct.sk_buff.224955* nonnull %26, i64* nonnull %3, %struct.sock.224990* null) #69 switch i32 %55, label %56 [ i32 1, label %38 i32 0, label %59 ] %57 = phi %struct.sk_buff.224955* [ %26, %28 ], [ null, %24 ], [ %26, %51 ], [ %26, %38 ], [ null, %54 ] %58 = phi i32 [ -14, %28 ], [ -12, %24 ], [ %53, %51 ], [ -9, %38 ], [ %55, %54 ] br label %186 %187 = phi i32 [ %58, %56 ], [ %183, %180 ] %188 = phi %struct.sk_buff.224955* [ %57, %56 ], [ %181, %180 ] %189 = icmp eq %struct.sk_buff.224955* %188, null br i1 %189, label %191, label %190 call void bitcast (void (%struct.sk_buff.583201*)* @consume_skb to void (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %188) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.583201* %0, null br i1 %2, label %36, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 41, i32 0, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = icmp eq i32 %5, 1 br i1 %6, label %7, label %8, !prof !6, !misexpect !7 %9 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long 
(113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !9 %10 = and i8 %9, 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %36, label %12, !prof !6, !misexpect !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %13)) #6 to label %35 [label %13], !srcloc !10 tail call void @__kfree_skb(%struct.sk_buff.583201* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.583201* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.583278* tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.583278*)*)(%struct.dst_entry.583278* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.224955* (i32, i32, i32, i32)*)(i32 32, i32 6291648, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.224955* %26, null br i1 %27, label %56, label %28 %29 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %56 %36 = tail call i8* bitcast (i8* 
(%struct.sk_buff.583201*, i32)* @skb_put to i8* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 @__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %56, label %44 %45 = call %struct.sock.224990* @netlink_getsockbyfilp(%struct.file.225184* nonnull %42) #69 %46 = and i64 %40, 1 %47 = icmp eq i64 %46, 0 br i1 %47, label %49, label %48 %50 = icmp ugt %struct.sock.224990* %45, inttoptr (i64 -4096 to %struct.sock.224990*) br i1 %50, label %51, label %54 store i64 9223372036854775807, i64* %3, align 8 %55 = call i32 @netlink_attachskb(%struct.sock.224990* %45, %struct.sk_buff.224955* nonnull %26, i64* nonnull %3, %struct.sock.224990* null) #69 switch i32 %55, label %56 [ i32 1, label %38 i32 0, label %59 ] %57 = phi %struct.sk_buff.224955* [ %26, %28 ], [ null, %24 ], [ %26, %51 ], [ %26, %38 ], [ null, %54 ] %58 = phi i32 [ -14, %28 ], [ -12, %24 ], [ %53, %51 ], [ -9, %38 ], [ %55, %54 ] br label %186 %187 = phi i32 [ %58, %56 ], [ %183, %180 ] %188 = phi %struct.sk_buff.224955* [ %57, %56 ], [ %181, %180 ] %189 = icmp eq %struct.sk_buff.224955* %188, null br i1 %189, label %191, label %190 call void bitcast (void (%struct.sk_buff.583201*)* @consume_skb to void (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %188) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.583201* %0, null br i1 %2, label %36, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 41, i32 0, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = icmp eq i32 %5, 1 br i1 %6, label %7, label %8, !prof !6, !misexpect !7 %9 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 
111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !9 %10 = and i8 %9, 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %36, label %12, !prof !6, !misexpect !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %13)) #6 to label %35 [label %13], !srcloc !10 tail call void @__kfree_skb(%struct.sk_buff.583201* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.583201* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.583278* tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.583278*)*)(%struct.dst_entry.583278* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = 
alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.224955* (i32, i32, i32, i32)*)(i32 32, i32 6291648, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.224955* %26, null br i1 %27, label %56, label %28 %29 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %26, i64 0, i32 39 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, 
%struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %56 %36 = tail call i8* bitcast (i8* (%struct.sk_buff.583201*, i32)* @skb_put to i8* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 @__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.225184* %43 = icmp eq i64 %41, 0 br i1 %43, label %56, label %44 %45 = call %struct.sock.224990* @netlink_getsockbyfilp(%struct.file.225184* nonnull %42) #69 %46 = and i64 %40, 1 %47 = icmp eq i64 %46, 0 br i1 %47, label %49, label %48 %50 = icmp ugt %struct.sock.224990* %45, inttoptr (i64 -4096 to %struct.sock.224990*) br i1 %50, label %51, label %54 store i64 9223372036854775807, i64* %3, align 8 %55 = call i32 @netlink_attachskb(%struct.sock.224990* %45, %struct.sk_buff.224955* nonnull %26, i64* nonnull %3, %struct.sock.224990* null) #69 switch i32 %55, label %56 [ i32 1, label %38 i32 0, label %59 ] %57 = phi %struct.sk_buff.224955* [ %26, %28 ], [ null, %24 ], [ %26, %51 ], [ %26, %38 ], [ null, %54 ] %58 = phi i32 [ -14, %28 ], [ -12, %24 ], [ %53, %51 ], [ -9, %38 ], [ %55, %54 ] br label %186 %187 = phi i32 [ %58, %56 ], [ %183, %180 ] %188 = phi %struct.sk_buff.224955* [ %57, %56 ], [ %181, %180 ] %189 = icmp eq %struct.sk_buff.224955* %188, null br i1 %189, label %191, label %190 call void bitcast (void (%struct.sk_buff.583201*)* @consume_skb to void (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %188) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.583201* %0, null br i1 %2, label %36, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 41, i32 0, i32 0 %5 = load volatile i32, i32* %4, 
align 4 %6 = icmp eq i32 %5, 1 br i1 %6, label %7, label %8, !prof !6, !misexpect !7 %9 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09js 111f\0A\09.pushsection .text..refcount\0A111:\09lea $0, %rcx\0A112:\09.byte 0x0f, 0x0b\0A999:\0A\09.pushsection .discard.unreachable\0A\09.long 999b - .\0A\09.popsection\0A\09.popsection\0A113:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (112b) - .\0A .long (113b) - .\0A .long (ex_handler_refcount) - .\0A .popsection\0A\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{cx},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !9 %10 = and i8 %9, 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %36, label %12, !prof !6, !misexpect !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09 .quad 1b, ${2:l}, ${0:c} + ${1:c} \0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.task_cputime* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %13)) #6 to label %35 [label %13], !srcloc !10 tail call void @__kfree_skb(%struct.sk_buff.583201* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.583201* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.583201, %struct.sk_buff.583201* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.583278* tail call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void 
(%struct.dst_entry.583278*)*)(%struct.dst_entry.583278* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %0, i64 0, i32 2 %4 = load %struct.inode.225192*, %struct.inode.225192** %3, align 8 %5 = getelementptr %struct.inode.225192, %struct.inode.225192* %4, i64 -1, i32 46 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %8, i64 0, i32 86 %10 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %9, align 64 %11 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid.224670*, %struct.pid.224670** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.224670** %15 = load %struct.pid.224670*, %struct.pid.224670** %14, align 8 %16 = icmp eq %struct.pid.224670* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.224670* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 6, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.224955** %26 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %26, i64 0, i32 39 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.224990** %32 = load %struct.sock.224990*, %struct.sock.224990** %31, align 8 %33 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.224990* %32, %struct.sk_buff.224955* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 
8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label 
%51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = 
bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %150 = icmp eq i64 %148, 0 br i1 %150, label %182, label %151 %152 = and i64 %148, 1 %153 = icmp eq i64 %152, 0 br i1 %153, label %154, label %157 %155 = and i64 %148, -2 %156 = inttoptr i64 %155 to %struct.dst_entry.588901* call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.588901*)*)(%struct.dst_entry.588901* %156) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* 
[ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, 
%struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, 
%struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, 
%47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, 
align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, 
i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %150 = icmp eq i64 %148, 0 br i1 %150, label %182, label %151 %152 = and i64 %148, 1 %153 = icmp eq i64 %152, 0 br i1 %153, label %154, label %157 %155 = and i64 %148, -2 %156 = inttoptr i64 %155 to %struct.dst_entry.588901* call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.588901*)*)(%struct.dst_entry.588901* %156) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = 
load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* 
%65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, 
%struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load 
volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = 
icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi %struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 
(%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds 
%struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %150 = icmp eq i64 %148, 0 br i1 %150, label %182, label %151 %152 = and i64 %148, 1 %153 = icmp eq i64 %152, 0 br i1 %153, label %154, label %157 %155 = and i64 %148, -2 %156 = inttoptr i64 %155 to %struct.dst_entry.588901* call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.588901*)*)(%struct.dst_entry.588901* %156) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi 
%struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.225134* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.225134** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.225134**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 96 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 32 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %60, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %191 switch i32 %17, label %60 [ i32 0, label %20 i32 2, label %24 ] %61 = phi %struct.sk_buff.224955* [ %26, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %62 = phi %struct.sock.224990* [ %45, %59 ], [ null, %13 ], [ null, %20 ], [ null, %19 ] %63 = call i64 @__fdget(i32 %0) #69 %64 = and i64 %63, -4 %65 = inttoptr i64 %64 to %struct.file.225184* %66 = icmp eq i64 %64, 0 br i1 %66, label %180, label %67 %68 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 2 %69 = load %struct.inode.225192*, %struct.inode.225192** %68, align 8 %70 = getelementptr inbounds %struct.file.225184, %struct.file.225184* %65, i64 0, i32 3 %71 = load %struct.file_operations.225181*, %struct.file_operations.225181** %70, align 8 %72 = icmp eq %struct.file_operations.225181* %71, @mqueue_file_operations br i1 %72, label %73, label %173, !prof !7, !misexpect !6 %74 = getelementptr %struct.inode.225192, %struct.inode.225192* %69, i64 -1, i32 46 %75 = bitcast i8** %74 to %struct.mqueue_inode_info* %76 = bitcast i8** %74 to %struct.raw_spinlock* call void 
@_raw_spin_lock(%struct.raw_spinlock* %76) #69 %77 = getelementptr inbounds i8*, i8** %74, i64 94 %78 = bitcast i8** %77 to %struct.pid.224670** %79 = load %struct.pid.224670*, %struct.pid.224670** %78, align 8 br i1 %14, label %80, label %118 %81 = getelementptr inbounds %struct.task_struct.225134, %struct.task_struct.225134* %4, i64 0, i32 86 %82 = load %struct.signal_struct.225087*, %struct.signal_struct.225087** %81, align 64 %83 = getelementptr %struct.signal_struct.225087, %struct.signal_struct.225087* %82, i64 0, i32 22, i64 1 %84 = load %struct.pid.224670*, %struct.pid.224670** %83, align 8 %85 = icmp eq %struct.pid.224670* %79, %84 br i1 %85, label %86, label %168 %87 = icmp eq %struct.pid.224670* %79, null br i1 %87, label %105, label %88 %89 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %75, i64 0, i32 6, i32 2 %90 = load i32, i32* %89, align 4 %91 = icmp eq i32 %90, 2 br i1 %91, label %92, label %105 %93 = getelementptr inbounds i8*, i8** %74, i64 99 %94 = bitcast i8** %93 to %struct.sk_buff.224955** %95 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %96 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %95, i64 0, i32 39 %97 = load i8*, i8** %96, align 8 %98 = getelementptr i8, i8* %97, i64 31 store i8 2, i8* %98, align 1 %99 = getelementptr inbounds i8*, i8** %74, i64 98 %100 = bitcast i8** %99 to %struct.sock.224990** %101 = load %struct.sock.224990*, %struct.sock.224990** %100, align 8 %102 = load %struct.sk_buff.224955*, %struct.sk_buff.224955** %94, align 8 %103 = call i32 @netlink_sendskb(%struct.sock.224990* %101, %struct.sk_buff.224955* %102) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.225062*, %struct.net.225062** %5, align 8 tail call 
fastcc void @netlink_deliver_tap(%struct.net.225062* %6, %struct.sk_buff.224955* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.225062, %struct.net.225062* %0, i64 0, i32 42 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %123, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.224990*, %struct.sock.224990** %17, align 8 %19 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %18, i64 0, i32 42 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %123 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %123, label %27 %28 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 38 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 37 %31 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, 
i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %1, i64 0, i32 39 br label %37 %38 = phi %struct.sock.224990* [ %18, %27 ], [ %122, %121 ] %39 = phi i64 [ %24, %27 ], [ %118, %121 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.224942** %43 = load %struct.net_device.224942*, %struct.net_device.224942** %42, align 8 %44 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.225062*, %struct.net.225062** %44, align 8 %46 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.225062*, %struct.net.225062** %46, align 8 %48 = icmp eq %struct.net.225062* %45, %47 br i1 %48, label %49, label %116 %50 = icmp eq %struct.net_device.224942* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.224942, %struct.net_device.224942* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.224955* bitcast (%struct.sk_buff.583201* (%struct.sk_buff.583201*, i32)* @skb_clone to %struct.sk_buff.224955* (%struct.sk_buff.224955*, i32)*)(%struct.sk_buff.224955* %1, i32 4718624) #69 %78 = icmp eq %struct.sk_buff.224955* %77, null br i1 %78, label %109, label %79 %80 = phi 
%struct.sk_buff.224955* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.224942* %43, %struct.net_device.224942** %81, align 8 %82 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 0, i32 42 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 31 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.224990, %struct.sock.224990* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 16 %91 = load i32, i32* %90, align 8 %92 = and i32 %91, -8 %93 = or i32 %89, %92 %94 = or i32 %93, 6 store i32 %94, i32* %90, align 8 %95 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 39 %96 = bitcast i8** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 38 %99 = bitcast i8** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = sub i64 %97, %100 %102 = trunc i64 %101 to i16 %103 = getelementptr inbounds %struct.sk_buff.224955, %struct.sk_buff.224955* %80, i64 0, i32 33 store i16 %102, i16* %103, align 4 %104 = tail call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.224955*)*)(%struct.sk_buff.224955* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load 
%struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 
%142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %150 = icmp eq i64 %148, 0 br i1 %150, label %182, label %151 %152 = and i64 %148, 1 %153 = icmp eq i64 %152, 0 br i1 %153, label %154, label %157 %155 = and i64 %148, -2 %156 = inttoptr i64 %155 to %struct.dst_entry.588901* call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.588901*)*)(%struct.dst_entry.588901* %156) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket.230347, %struct.socket.230347* %0, i64 0, i32 5 %7 = load %struct.sock.230350*, %struct.sock.230350** %6, align 8 %8 = bitcast %struct.msghdr.230061* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %267, label %12 %13 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %267, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, 
i32 1, i64 0 %26 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 2 br label %31 %32 = phi i32 [ 0, %21 ], [ %52, %109 ] %33 = phi %struct.sk_buff.230326* [ null, %21 ], [ %82, %109 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net.230172*, %struct.net.230172** %24, align 8 %35 = tail call %struct.net_device.230313* bitcast (%struct.net_device.589093* (%struct.net.589001*, i8*)* @dev_get_by_name_rcu to %struct.net_device.230313* (%struct.net.230172*, i8*)*)(%struct.net.230172* %34, i8* %25) #69 %36 = icmp eq %struct.net_device.230313* %35, null br i1 %36, label %262, label %37 %38 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 34 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %262, label %42 %43 = load volatile i64, i64* %26, align 8 %44 = and i64 %43, 2097152 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 35 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %262, label %51 %52 = phi i32 [ %32, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %262, label %63 %64 = icmp eq %struct.sk_buff.230326* %33, null br i1 
%64, label %65, label %112 %113 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 42 %114 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 46 %115 = zext i16 %56 to i32 %116 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 39 %117 = load i8*, i8** %116, align 8 %118 = icmp sgt i32 %115, %27 br i1 %118, label %119, label %143, !prof !8, !misexpect !9 %144 = load i32, i32* %113, align 8 %145 = load i16, i16* %114, align 2 %146 = zext i16 %145 to i32 %147 = add i32 %144, %52 %148 = add i32 %147, %146 %149 = zext i32 %148 to i64 %150 = icmp ult i64 %149, %2 br i1 %150, label %151, label %171 %152 = getelementptr inbounds %struct.net_device.230313, %struct.net_device.230313* %35, i64 0, i32 45 %153 = load i16, i16* %152, align 4 %154 = icmp eq i16 %153, 1 br i1 %154, label %155, label %262, !prof !5, !misexpect !6 %156 = bitcast i8** %116 to i64* %157 = load i64, i64* %156, align 8 %158 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 38 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = sub i64 %157, %160 %162 = trunc i64 %161 to i16 %163 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 34 store i16 %162, i16* %163, align 2 %164 = inttoptr i64 %160 to i8* %165 = and i64 %161, 65535 %166 = getelementptr i8, i8* %164, i64 %165 %167 = getelementptr inbounds i8, i8* %166, i64 12 %168 = bitcast i8* %167 to i16* %169 = load i16, i16* %168, align 1 %170 = icmp eq i16 %169, 129 br i1 %170, label %171, label %262 %172 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 58 %173 = load i16, i16* %172, align 8 %174 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %174, align 8 %175 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, 
i32 1 store i32 0, i32* %175, align 8 %176 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %173, i16* %176, align 4 %177 = getelementptr inbounds %struct.msghdr.230061, %struct.msghdr.230061* %1, i64 0, i32 4 %178 = load i64, i64* %177, align 8 %179 = icmp eq i64 %178, 0 br i1 %179, label %186, label %180 %181 = call i32 @sock_cmsg_send(%struct.sock.230350* %7, %struct.msghdr.230061* %1, %struct.sockcm_cookie* nonnull %5) #69 %182 = icmp eq i32 %181, 0 br i1 %182, label %183, label %262, !prof !5, !misexpect !6 %184 = load i64, i64* %174, align 8 %185 = load i16, i16* %176, align 4 br label %186 %187 = phi i16 [ %185, %183 ], [ %173, %171 ] %188 = phi i64 [ %184, %183 ], [ 0, %171 ] %189 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 31 store i16 %22, i16* %189, align 8 %190 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.230313* %35, %struct.net_device.230313** %190, align 8 %191 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 29 %192 = load i32, i32* %191, align 8 %193 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 19 store i32 %192, i32* %193, align 4 %194 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %7, i64 0, i32 30 %195 = load i32, i32* %194, align 4 %196 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 26, i32 0 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 2, i32 0 store i64 %188, i64* %197, align 8 %198 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 1, i32 0 %199 = load %struct.sock.230350*, %struct.sock.230350** %198, align 8 %200 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 
38 %201 = load i8*, i8** %200, align 8 %202 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 37 %203 = load i32, i32* %202, align 4 %204 = zext i32 %203 to i64 %205 = getelementptr i8, i8* %201, i64 %204 %206 = getelementptr inbounds i8, i8* %205, i64 3 %207 = getelementptr inbounds i8, i8* %205, i64 28 %208 = bitcast i8* %207 to i32* %209 = icmp eq i16 %187, 0 br i1 %209, label %220, label %210, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %187, i8* %206) #69 %211 = trunc i16 %187 to i8 %212 = icmp sgt i8 %211, -1 %213 = and i16 %187, 771 %214 = icmp eq i16 %213, 0 %215 = or i1 %214, %212 br i1 %215, label %220, label %216 %217 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 60 %218 = load i32, i32* %217, align 4 %219 = add i32 %218, 1 store i32 %219, i32* %217, align 4 store i32 %218, i32* %208, align 4 br label %220 %221 = getelementptr inbounds %struct.sock.230350, %struct.sock.230350* %199, i64 0, i32 0, i32 13, i32 0 %222 = load volatile i64, i64* %221, align 8 %223 = and i64 %222, 1048576 %224 = icmp eq i64 %223, 0 br i1 %224, label %228, label %225, !prof !5, !misexpect !6 %229 = icmp eq i32 %52, 4 br i1 %229, label %230, label %234, !prof !8, !misexpect !6 %231 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 16 %232 = load i32, i32* %231, align 8 %233 = or i32 %232, 4096 store i32 %233, i32* %231, align 8 br label %234 %235 = bitcast %struct.flow_keys_basic* %4 to i8* %236 = getelementptr inbounds %struct.sk_buff.230326, %struct.sk_buff.230326* %33, i64 0, i32 32 %237 = load i16, i16* %236, align 2 %238 = icmp eq i16 %237, -1 br i1 %238, label %239, label %260 %240 = call zeroext i1 bitcast (i1 (%struct.sk_buff.587842*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.sk_buff.230326*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.sk_buff.230326* nonnull %33, 
%struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %235, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #69 br i1 %240, label %241, label %251 %252 = bitcast i8** %116 to i64* %253 = load i64, i64* %252, align 8 %254 = bitcast i8** %200 to i64* %255 = load i64, i64* %254, align 8 %256 = sub i64 %253, %255 %257 = trunc i64 %256 to i16 br label %258 %259 = phi i16 [ %250, %241 ], [ %257, %251 ] store i16 %259, i16* %236, align 2 br label %260 %261 = call i32 bitcast (i32 (%struct.sk_buff.589108*)* @dev_queue_xmit to i32 (%struct.sk_buff.230326*)*)(%struct.sk_buff.230326* nonnull %33) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.589108* %0, %struct.net_device.589093* null) #69 Function:__dev_queue_xmit %3 = alloca %struct.sk_buff.589108*, align 8 %4 = alloca %struct.tcphdr, align 4 %5 = alloca %struct.winsize, align 2 %6 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %7 = load %struct.net_device.589093*, %struct.net_device.589093** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 39 %9 = bitcast i8** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 38 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = sub i64 %10, %13 %15 = trunc i64 %14 to i16 %16 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 34 store i16 %15, i16* %16, align 2 %17 = inttoptr i64 %13 to i8* %18 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 37 %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = getelementptr i8, i8* %17, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 3 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 64 %25 = icmp eq i8 %24, 0 br i1 %25, label %29, label %26, !prof !4, !misexpect !5 tail call void 
asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %30 = load i8*, i8** %11, align 8 %31 = load i32, i32* %18, align 4 %32 = zext i32 %31 to i64 %33 = getelementptr i8, i8* %30, i64 %32 %34 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 7 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 3, i64 0 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %33, i64 4 %39 = bitcast i8* %38 to i16* %40 = load i16, i16* %39, align 4 %41 = icmp eq i16 %40, 0 br i1 %41, label %139, label %42 %140 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 16 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, -134217729 store i32 %142, i32* %140, align 8 %143 = getelementptr inbounds %struct.net_device.589093, %struct.net_device.589093* %7, i64 0, i32 35 %144 = load i32, i32* %143, align 4 %145 = and i32 %144, 32 %146 = icmp eq i32 %145, 0 %147 = getelementptr inbounds %struct.sk_buff.589108, %struct.sk_buff.589108* %0, i64 0, i32 4, i32 0, i32 0 %148 = load i64, i64* %147, align 8 br i1 %146, label %158, label %149 %150 = icmp eq i64 %148, 0 br i1 %150, label %182, label %151 %152 = and i64 %148, 1 %153 = icmp eq i64 %152, 0 br i1 %153, label %154, label %157 %155 = and i64 %148, -2 %156 = inttoptr i64 %155 to %struct.dst_entry.588901* call void bitcast (void (%struct.dst_entry.590803*)* @dst_release to void (%struct.dst_entry.588901*)*)(%struct.dst_entry.588901* %156) #69 ------------- Good: 856 Bad: 16 Ignored: 1956 Check Use of Function:proc_dostring Use: =BAD PATH= Call Stack: 0 proc_tcp_congestion_control ------------- Path:  Function:proc_tcp_congestion_control %6 = alloca [16 x i8], align 16 
%7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 -1608 %11 = bitcast i8* %10 to %struct.net.659818* %12 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %13 = bitcast %struct.ctl_table* %7 to i8* %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %12, i8** %14, align 8 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %15, align 8 call void bitcast (void (%struct.net.642286*, i8*)* @tcp_get_default_congestion_control to void (%struct.net.659818*, i8*)*)(%struct.net.659818* %11, i8* nonnull %12) #69 %16 = call i32 @proc_dostring(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 set_default_qdisc ------------- Path:  Function:set_default_qdisc %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %9 = bitcast %struct.ctl_table* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %8, i8** %10, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %11, align 8 call void @qdisc_get_default(i8* nonnull %8, i64 16) #69 %12 = call i32 @proc_dostring(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 numa_zonelist_order_handler ------------- Path:  Function:numa_zonelist_order_handler %6 = icmp eq i32 %1, 0 br i1 %6, label %7, label %9 %8 = tail call i32 @proc_dostring(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uts_string ------------- Path:  Function:proc_do_uts_string %6 = alloca %struct.ctl_table, align 8 %7 = alloca [65 x i8], align 16 %8 = 
bitcast %struct.ctl_table* %6 to i8* %9 = getelementptr inbounds [65 x i8], [65 x i8]* %7, i64 0, i64 0 %10 = bitcast %struct.ctl_table* %0 to i8* %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %9, i8** %11, align 8 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %15, i64 0, i32 85 %17 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %16, align 8 %18 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %17, i64 0, i32 1 %19 = bitcast %struct.uts_namespace** %18 to i8** %20 = load i8*, i8** %19, align 8 %21 = sub i64 %14, ptrtoint (%struct.uts_namespace* @init_uts_ns to i64) %22 = getelementptr i8, i8* %20, i64 %21 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %23 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uts_string ------------- Path:  Function:proc_do_uts_string %6 = alloca %struct.ctl_table, align 8 %7 = alloca [65 x i8], align 16 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = getelementptr inbounds [65 x i8], [65 x i8]* %7, i64 0, i64 0 %10 = bitcast %struct.ctl_table* %0 to i8* %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %9, i8** %11, align 8 call void bitcast (void 
(%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %15, i64 0, i32 85 %17 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %16, align 8 %18 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %17, i64 0, i32 1 %19 = bitcast %struct.uts_namespace** %18 to i8** %20 = load i8*, i8** %19, align 8 %21 = sub i64 %14, ptrtoint (%struct.uts_namespace* @init_uts_ns to i64) %22 = getelementptr i8, i8* %20, i64 %21 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %23 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uts_string ------------- Path:  Function:proc_do_uts_string %6 = alloca %struct.ctl_table, align 8 %7 = alloca [65 x i8], align 16 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = getelementptr inbounds [65 x i8], [65 x i8]* %7, i64 0, i64 0 %10 = bitcast %struct.ctl_table* %0 to i8* %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %9, i8** %11, align 8 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = call 
%struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %15, i64 0, i32 85 %17 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %16, align 8 %18 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %17, i64 0, i32 1 %19 = bitcast %struct.uts_namespace** %18 to i8** %20 = load i8*, i8** %19, align 8 %21 = sub i64 %14, ptrtoint (%struct.uts_namespace* @init_uts_ns to i64) %22 = getelementptr i8, i8* %20, i64 %21 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %23 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uts_string ------------- Path:  Function:proc_do_uts_string %6 = alloca %struct.ctl_table, align 8 %7 = alloca [65 x i8], align 16 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = getelementptr inbounds [65 x i8], [65 x i8]* %7, i64 0, i64 0 %10 = bitcast %struct.ctl_table* %0 to i8* %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %9, i8** %11, align 8 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.39605, 
%struct.task_struct.39605* %15, i64 0, i32 85 %17 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %16, align 8 %18 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %17, i64 0, i32 1 %19 = bitcast %struct.uts_namespace** %18 to i8** %20 = load i8*, i8** %19, align 8 %21 = sub i64 %14, ptrtoint (%struct.uts_namespace* @init_uts_ns to i64) %22 = getelementptr i8, i8* %20, i64 %21 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %23 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uts_string ------------- Path:  Function:proc_do_uts_string %6 = alloca %struct.ctl_table, align 8 %7 = alloca [65 x i8], align 16 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = getelementptr inbounds [65 x i8], [65 x i8]* %7, i64 0, i64 0 %10 = bitcast %struct.ctl_table* %0 to i8* %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %9, i8** %11, align 8 call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = call %struct.task_struct.39605* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.39605** nonnull bitcast (%struct.task_struct.1872** @current_task to %struct.task_struct.39605**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.39605, %struct.task_struct.39605* %15, i64 0, i32 85 %17 = load %struct.nsproxy.39437*, %struct.nsproxy.39437** %16, align 8 %18 = getelementptr inbounds %struct.nsproxy.39437, %struct.nsproxy.39437* %17, i64 0, i32 1 %19 = bitcast %struct.uts_namespace** %18 to i8** %20 = load i8*, i8** %19, align 
8 %21 = sub i64 %14, ptrtoint (%struct.uts_namespace* @init_uts_ns to i64) %22 = getelementptr i8, i8* %20, i64 %21 call void bitcast (void (%struct.rw_semaphore.1574*)* @up_read to void (%struct.rw_semaphore.39606*)*)(%struct.rw_semaphore.39606* nonnull @uts_sem) #69 %23 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [52 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [52 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %166, label %12 %167 = getelementptr inbounds [52 x i8], [52 x i8]* %9, i64 0, i64 0 %168 = bitcast %struct.ctl_table* %6 to i8* %169 = load i32, i32* @seccomp_actions_logged, align 4 br label %170 %171 = phi i8** [ getelementptr inbounds ([8 x %struct.anon.102.5387], [8 x %struct.anon.102.5387]* @seccomp_log_names, i64 0, i64 0, i32 1), %166 ], [ %204, %199 ] %172 = phi i8 [ 0, %166 ], [ %202, %199 ] %173 = phi %struct.anon.102.5387* [ getelementptr inbounds ([8 x %struct.anon.102.5387], [8 x %struct.anon.102.5387]* @seccomp_log_names, i64 0, i64 0), %166 ], [ %203, %199 ] %174 = phi i8* [ %167, %166 ], [ %201, %199 ] %175 = phi i64 [ 52, %166 ], [ %200, %199 ] %176 = getelementptr inbounds %struct.anon.102.5387, %struct.anon.102.5387* %173, i64 0, i32 0 %177 = load i32, i32* %176, align 8 %178 = and i32 %177, %169 %179 = icmp eq i32 %178, 0 br i1 %179, label %199, label %180 %181 = and i8 %172, 1 %182 = icmp eq i8 %181, 0 br i1 %182, label %189, label %183 %184 = call i64 @strscpy(i8* %174, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.11.9505, i64 0, i64 0), i64 %175) #69 %185 = icmp slt i64 %184, 0 br i1 %185, label %214, label %186 %187 = getelementptr i8, i8* %174, i64 %184 %188 = sub i64 %175, %184 br label %189 %190 = phi i64 [ %188, %186 ], [ %175, 
%180 ] %191 = phi i8* [ %187, %186 ], [ %174, %180 ] %192 = phi i8 [ %172, %186 ], [ 1, %180 ] %193 = load i8*, i8** %171, align 8 %194 = call i64 @strscpy(i8* %191, i8* %193, i64 %190) #69 %195 = icmp slt i64 %194, 0 br i1 %195, label %214, label %196 %197 = getelementptr i8, i8* %191, i64 %194 %198 = sub i64 %190, %194 br label %199 %200 = phi i64 [ %198, %196 ], [ %175, %170 ] %201 = phi i8* [ %197, %196 ], [ %174, %170 ] %202 = phi i8 [ %192, %196 ], [ %172, %170 ] %203 = getelementptr %struct.anon.102.5387, %struct.anon.102.5387* %173, i64 1 %204 = getelementptr %struct.anon.102.5387, %struct.anon.102.5387* %173, i64 1, i32 1 %205 = load i8*, i8** %204, align 8 %206 = icmp ne i8* %205, null %207 = icmp ne i64 %200, 0 %208 = and i1 %207, %206 br i1 %208, label %170, label %209 %210 = bitcast %struct.ctl_table* %0 to i8* %211 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %167, i8** %211, align 8 %212 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 52, i32* %212, align 8 %213 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 0, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 devkmsg_sysctl_set_loglvl ------------- Path:  Function:devkmsg_sysctl_set_loglvl %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds [10 x i8], [10 x i8]* %6, i64 0, i64 0 %8 = icmp eq i32 %1, 0 br i1 %8, label %9, label %11 %12 = load i32, i32* @devkmsg_log, align 4 %13 = and i32 %12, 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %36 %16 = call i8* @strncpy(i8* nonnull %7, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @devkmsg_log_str, i64 0, i64 0), i64 10) #70 %17 = call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 devkmsg_sysctl_set_loglvl ------------- Path:  Function:devkmsg_sysctl_set_loglvl %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds [10 x i8], [10 x 
i8]* %6, i64 0, i64 0 %8 = icmp eq i32 %1, 0 br i1 %8, label %9, label %11 %10 = call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_dostring_coredump ------------- Path:  Function:proc_dostring_coredump %6 = tail call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Good: 10 Bad: 12 Ignored: 0 Check Use of Function:kernel_getsockname Check Use of Function:may_open Check Use of Function:sock_def_write_space Check Use of Function:xprt_unlock_connect Check Use of Function:xs_tcp_write_space Check all other indirect call sites Check callee group: nfs_swap_deactivate Check callee group: nfs_swap_deactivate Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: sr_select_speed Check callee group: sd_pr_reserve dm_pr_reserve Use: =BAD PATH= Call Stack: 0 dm_pr_reserve ------------- Path:  Function:dm_pr_reserve %5 = alloca %struct.block_device.534326*, align 8 %6 = alloca i32, align 4 store %struct.block_device.534326* %0, %struct.block_device.534326** %5, align 8 %7 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %0, i64 0, i32 16 %8 = load %struct.gendisk.534333*, %struct.gendisk.534333** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.mapped_device** %11 = load %struct.mapped_device*, %struct.mapped_device** %10, align 8 %12 = bitcast i32* %6 to i8* %13 = call fastcc i32 @dm_prepare_ioctl(%struct.mapped_device* %11, i32* nonnull %6, %struct.block_device.534326** nonnull %5) #69 
%14 = icmp slt i32 %13, 0 br i1 %14, label %30, label %15 %16 = load %struct.block_device.534326*, %struct.block_device.534326** %5, align 8 %17 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %16, i64 0, i32 16 %18 = load %struct.gendisk.534333*, %struct.gendisk.534333** %17, align 8 %19 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %18, i64 0, i32 9 %20 = load %struct.block_device_operations.534329*, %struct.block_device_operations.534329** %19, align 8 %21 = getelementptr inbounds %struct.block_device_operations.534329, %struct.block_device_operations.534329* %20, i64 0, i32 12 %22 = load %struct.pr_ops.534328*, %struct.pr_ops.534328** %21, align 8 %23 = icmp eq %struct.pr_ops.534328* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.pr_ops.534328, %struct.pr_ops.534328* %22, i64 0, i32 1 %26 = load i32 (%struct.block_device.534326*, i64, i32, i32)*, i32 (%struct.block_device.534326*, i64, i32, i32)** %25, align 8 %27 = icmp eq i32 (%struct.block_device.534326*, i64, i32, i32)* %26, null br i1 %27, label %30, label %28 %29 = call i32 %26(%struct.block_device.534326* %16, i64 %1, i32 %2, i32 %3) #70 ------------- Check callee group: sd_pr_release dm_pr_release Use: =BAD PATH= Call Stack: 0 dm_pr_release ------------- Path:  Function:dm_pr_release %4 = alloca %struct.block_device.534326*, align 8 %5 = alloca i32, align 4 store %struct.block_device.534326* %0, %struct.block_device.534326** %4, align 8 %6 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %0, i64 0, i32 16 %7 = load %struct.gendisk.534333*, %struct.gendisk.534333** %6, align 8 %8 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.mapped_device** %10 = load %struct.mapped_device*, %struct.mapped_device** %9, align 8 %11 = bitcast i32* %5 to i8* %12 = call fastcc i32 @dm_prepare_ioctl(%struct.mapped_device* 
%10, i32* nonnull %5, %struct.block_device.534326** nonnull %4) #69 %13 = icmp slt i32 %12, 0 br i1 %13, label %29, label %14 %15 = load %struct.block_device.534326*, %struct.block_device.534326** %4, align 8 %16 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %15, i64 0, i32 16 %17 = load %struct.gendisk.534333*, %struct.gendisk.534333** %16, align 8 %18 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %17, i64 0, i32 9 %19 = load %struct.block_device_operations.534329*, %struct.block_device_operations.534329** %18, align 8 %20 = getelementptr inbounds %struct.block_device_operations.534329, %struct.block_device_operations.534329* %19, i64 0, i32 12 %21 = load %struct.pr_ops.534328*, %struct.pr_ops.534328** %20, align 8 %22 = icmp eq %struct.pr_ops.534328* %21, null br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.pr_ops.534328, %struct.pr_ops.534328* %21, i64 0, i32 2 %25 = load i32 (%struct.block_device.534326*, i64, i32)*, i32 (%struct.block_device.534326*, i64, i32)** %24, align 8 %26 = icmp eq i32 (%struct.block_device.534326*, i64, i32)* %25, null br i1 %26, label %29, label %27 %28 = call i32 %25(%struct.block_device.534326* %15, i64 %1, i32 %2) #70 ------------- Check callee group: sd_pr_release dm_pr_release Check callee group: sr_packet Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: sr_packet Check callee group: sr_packet Check callee group: nfs_weak_revalidate Check callee group: sr_packet Check callee group: sr_check_events Check callee group: aio_complete_rw Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check 
callee group: sr_packet Check callee group: mq_find Check callee group: sr_packet Check callee group: bad_inode_atomic_open nfs_atomic_open Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: fifo_init Check callee group: sr_packet Check callee group: aio_complete_rw Check callee group: sr_packet Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: sr_packet Check callee group: sr_packet Check callee group: sd_pr_reserve dm_pr_reserve Check callee group: sr_packet Check callee group: sr_packet Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_packet Check callee group: sr_audio_ioctl Check callee group: do_ipt_get_ctl do_ip6t_get_ctl Check callee group: bad_inode_rename2 vfat_rename msdos_rename ext4_rename2 simple_rename shmem_rename2 nfs_rename kernfs_iop_rename Check callee group: sr_packet Check callee group: sr_packet Check callee group: i915_driver_open Check callee group: sr_packet Check callee group: sr_check_events Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_get_mcn Check callee group: ipip6_dellink Check callee group: sr_drive_status Check callee group: sr_packet Check callee group: mq_find Check callee group: serial8250_get_mctrl Check callee group: sr_packet Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_lock_door Check callee group: tcp_release_cb ip4_datagram_release_cb ip6_datagram_release_cb Check callee group: sr_packet Check callee group: sr_packet Check callee 
group: sr_packet Check callee group: random_read_iter hugetlbfs_read_iter urandom_read_iter blkdev_read_iter ext4_file_read_iter generic_file_read_iter pipe_read read_iter_zero shmem_file_read_iter nfs_file_read sock_read_iter read_iter_null Check callee group: lo_ioctl sr_block_ioctl sd_ioctl dm_blk_ioctl md_ioctl Check callee group: sr_packet Check callee group: tcp_release_cb ip4_datagram_release_cb ip6_datagram_release_cb Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: aio_complete_rw Check callee group: serial8250_release_port Check callee group: serial8250_get_mctrl Check callee group: sr_packet Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_packet Check callee group: sr_packet Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_packet Check callee group: posix_acl_xattr_get sockfs_xattr_get nfs4_xattr_get_nfs4_acl kernfs_xattr_get shmem_xattr_handler_get ext4_xattr_security_get ext4_xattr_trusted_get ext4_xattr_user_get Check callee group: serial8250_release_port Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: serial8250_release_port Check callee group: _fat_bmap ext4_bmap _isofs_bmap Check callee group: mq_find Check callee group: sr_packet Check callee group: sd_pr_clear dm_pr_clear Check 
callee group: sr_packet Check callee group: serial8250_verify_port Check callee group: mq_leaf Check callee group: serial8250_pm Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_packet Check callee group: serial8250_config_port Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: serial8250_pm Check callee group: proc_tgid_base_lookup nfs_lookup ext4_lookup msdos_lookup proc_tid_base_lookup proc_lookupfd autofs_lookup isofs_lookup proc_map_files_lookup proc_tgid_net_lookup bad_inode_lookup kernfs_iop_lookup empty_dir_lookup proc_sys_lookup proc_lookup simple_lookup proc_root_lookup vfat_lookup proc_task_lookup proc_attr_dir_lookup proc_lookupfdinfo proc_ns_dir_lookup Check callee group: sr_reset Check callee group: random_read_iter hugetlbfs_read_iter urandom_read_iter blkdev_read_iter ext4_file_read_iter generic_file_read_iter pipe_read read_iter_zero shmem_file_read_iter nfs_file_read sock_read_iter read_iter_null Check callee group: aio_complete_rw Check callee group: serial8250_release_port Check callee group: ipip6_dellink Check callee group: ipip6_dellink Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sd_pr_register dm_pr_register Check callee group: _fat_bmap ext4_bmap _isofs_bmap Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: bad_inode_rmdir tracefs_syscall_rmdir vfat_rmdir msdos_rmdir simple_rmdir autofs_dir_rmdir ext4_rmdir nfs_rmdir shmem_rmdir kernfs_iop_rmdir Check callee group: tcp_release_cb ip4_datagram_release_cb ip6_datagram_release_cb Check callee group: mq_leaf Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: 
mq_walk Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: serial8250_pm Check callee group: sr_audio_ioctl Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: sr_packet Check callee group: sr_packet Check callee group: mq_walk Check callee group: bad_inode_create vfat_create nfs_create msdos_create hugetlbfs_create mqueue_create ext4_create ramfs_create shmem_create Check callee group: sr_packet Check callee group: serial8250_pm Check callee group: sr_packet Check callee group: random_read_iter hugetlbfs_read_iter urandom_read_iter blkdev_read_iter ext4_file_read_iter generic_file_read_iter pipe_read read_iter_zero shmem_file_read_iter nfs_file_read sock_read_iter read_iter_null Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: bad_inode_create vfat_create nfs_create msdos_create hugetlbfs_create mqueue_create ext4_create ramfs_create shmem_create Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: serial8250_config_port Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: sr_packet Check callee group: nfs_weak_revalidate Check callee group: sr_drive_status Check callee group: uart_set_ldisc Check callee group: serial8250_pm Check callee group: tid_fd_revalidate vfat_revalidate 
kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: proc_tgid_base_lookup nfs_lookup ext4_lookup msdos_lookup proc_tid_base_lookup proc_lookupfd autofs_lookup isofs_lookup proc_map_files_lookup proc_tgid_net_lookup bad_inode_lookup kernfs_iop_lookup empty_dir_lookup proc_sys_lookup proc_lookup simple_lookup proc_root_lookup vfat_lookup proc_task_lookup proc_attr_dir_lookup proc_lookupfdinfo proc_ns_dir_lookup Check callee group: ipip6_dellink Check callee group: sr_packet Check callee group: sd_pr_preempt dm_pr_preempt Check callee group: sr_packet Check callee group: sr_packet Check callee group: lo_ioctl sr_block_ioctl sd_ioctl dm_blk_ioctl md_ioctl Use: =BAD PATH= Call Stack: 0 __blkdev_driver_ioctl 1 dm_blk_ioctl ------------- Path:  Function:dm_blk_ioctl %5 = alloca %struct.block_device.534326*, align 8 %6 = alloca i32, align 4 store %struct.block_device.534326* %0, %struct.block_device.534326** %5, align 8 %7 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %0, i64 0, i32 16 %8 = load %struct.gendisk.534333*, %struct.gendisk.534333** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.mapped_device** %11 = load %struct.mapped_device*, %struct.mapped_device** %10, align 8 %12 = bitcast i32* %6 to i8* %13 = call fastcc i32 @dm_prepare_ioctl(%struct.mapped_device* %11, i32* nonnull %6, %struct.block_device.534326** nonnull %5) #69 %14 = icmp slt i32 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %13, 0 br i1 %16, label %19, label %17 %20 = load %struct.block_device.534326*, %struct.block_device.534326** %5, align 8 %21 = call i32 bitcast (i32 (%struct.block_device.258298*, i32, i32, i64)* @__blkdev_driver_ioctl to i32 (%struct.block_device.534326*, i32, i32, 
i64)*)(%struct.block_device.534326* %20, i32 %1, i32 %2, i64 %3) #70 Function:__blkdev_driver_ioctl %5 = getelementptr inbounds %struct.block_device.258298, %struct.block_device.258298* %0, i64 0, i32 16 %6 = load %struct.gendisk.258180*, %struct.gendisk.258180** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.258180, %struct.gendisk.258180* %6, i64 0, i32 9 %8 = load %struct.block_device_operations.258127*, %struct.block_device_operations.258127** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.258127, %struct.block_device_operations.258127* %8, i64 0, i32 3 %10 = load i32 (%struct.block_device.258298*, i32, i32, i64)*, i32 (%struct.block_device.258298*, i32, i32, i64)** %9, align 8 %11 = icmp eq i32 (%struct.block_device.258298*, i32, i32, i64)* %10, null br i1 %11, label %14, label %12 %13 = tail call i32 %10(%struct.block_device.258298* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 __blkdev_driver_ioctl 1 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, %struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds %struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, %struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = 
getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.266271, %struct.gendisk.266271* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.266215*, %struct.block_device_operations.266215** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.266215, %struct.block_device_operations.266215* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.266272*, i32, i32, i64)*, i32 (%struct.block_device.266272*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.266272*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, 
label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %514 = and i64 %2, 4294967295 br label %515 %516 = phi i64 [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %514, %513 ] %517 = tail call i32 bitcast (i32 (%struct.block_device.258298*, i32, i32, i64)* @__blkdev_driver_ioctl to i32 (%struct.block_device.266272*, i32, i32, i64)*)(%struct.block_device.266272* %11, i32 %21, i32 %1, i64 %516) #69 Function:__blkdev_driver_ioctl %5 = getelementptr inbounds %struct.block_device.258298, %struct.block_device.258298* %0, i64 0, i32 16 %6 = load %struct.gendisk.258180*, %struct.gendisk.258180** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.258180, 
%struct.gendisk.258180* %6, i64 0, i32 9 %8 = load %struct.block_device_operations.258127*, %struct.block_device_operations.258127** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.258127, %struct.block_device_operations.258127* %8, i64 0, i32 3 %10 = load i32 (%struct.block_device.258298*, i32, i32, i64)*, i32 (%struct.block_device.258298*, i32, i32, i64)** %9, align 8 %11 = icmp eq i32 (%struct.block_device.258298*, i32, i32, i64)* %10, null br i1 %11, label %14, label %12 %13 = tail call i32 %10(%struct.block_device.258298* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Check callee group: serial8250_pm Check callee group: sr_packet Check callee group: bad_inode_unlink simple_unlink mqueue_unlink vfat_unlink ext4_unlink msdos_unlink nfs_unlink shmem_unlink autofs_dir_unlink Check callee group: sr_drive_status Check callee group: posix_acl_xattr_get sockfs_xattr_get nfs4_xattr_get_nfs4_acl kernfs_xattr_get shmem_xattr_handler_get ext4_xattr_security_get ext4_xattr_trusted_get ext4_xattr_user_get Check callee group: posix_acl_xattr_get sockfs_xattr_get nfs4_xattr_get_nfs4_acl kernfs_xattr_get shmem_xattr_handler_get ext4_xattr_security_get ext4_xattr_trusted_get ext4_xattr_user_get Check callee group: lo_ioctl sr_block_ioctl sd_ioctl dm_blk_ioctl md_ioctl Use: =BAD PATH= Call Stack: 0 blkdev_ioctl 1 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 19 %6 = load %struct.address_space.266305*, %struct.address_space.266305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.266305, %struct.address_space.266305* %6, i64 0, i32 0 %8 = load %struct.inode.266302*, %struct.inode.266302** %7, align 8 %9 = getelementptr inbounds %struct.inode.266302, %struct.inode.266302* %8, i64 0, i32 42 %10 = bitcast %union.anon.79* %9 to %struct.block_device.266272** %11 = load %struct.block_device.266272*, 
%struct.block_device.266272** %10, align 8 %12 = getelementptr inbounds %struct.block_device.266272, %struct.block_device.266272* %11, i64 0, i32 16 %13 = load %struct.gendisk.266271*, %struct.gendisk.266271** %12, align 8 %14 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.266081, %struct.file.266081* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %292 = and i64 %2, 4294967295 %293 = tail call i32 bitcast (i32 (%struct.block_device.258298*, i32, i32, i64)* @blkdev_ioctl to i32 (%struct.block_device.266272*, i32, i32, i64)*)(%struct.block_device.266272* %11, i32 %21, i32 %1, i64 %292) #69 Function:blkdev_ioctl %5 = alloca %struct.trampoline_header, align 8 %6 = alloca %struct.trampoline_header, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.arch_uprobe_task, align 8 %9 = alloca %struct.trampoline_header, align 8 %10 = alloca %struct.nfs4_label, align 8 %11 = alloca 
%struct.blkpg_partition, align 8 %12 = alloca %struct.disk_part_iter, align 8 %13 = alloca %struct.block_device.258298*, align 8 %14 = alloca %struct.arch_uprobe_task, align 8 %15 = alloca %struct.hd_geometry, align 8 %16 = alloca [2 x i64], align 16 switch i32 %2, label %665 [ i32 4705, label %17 i32 4701, label %31 i32 4727, label %55 i32 4733, label %57 i32 4735, label %59 i32 -1072688510, label %675 i32 1074795139, label %675 i32 769, label %93 i32 4707, label %120 i32 4709, label %120 i32 4702, label %132 i32 -2146954640, label %138 i32 4712, label %143 i32 4731, label %158 i32 4728, label %167 i32 4729, label %176 i32 4730, label %185 i32 4732, label %210 i32 4711, label %213 i32 4734, label %224 i32 4706, label %237 i32 4708, label %237 i32 1074270833, label %245 i32 4713, label %277 i32 4703, label %426 i32 4704, label %451 i32 -2146954638, label %460 i32 4724, label %468 i32 4725, label %468 i32 -1069018509, label %468 i32 4726, label %468 i32 1075343560, label %471 i32 1074819273, label %503 i32 1074819274, label %535 i32 1075343563, label %567 i32 1075343564, label %601 i32 1074819277, label %635 ] %666 = getelementptr inbounds %struct.block_device.258298, %struct.block_device.258298* %0, i64 0, i32 16 %667 = load %struct.gendisk.258180*, %struct.gendisk.258180** %666, align 8 %668 = getelementptr inbounds %struct.gendisk.258180, %struct.gendisk.258180* %667, i64 0, i32 9 %669 = load %struct.block_device_operations.258127*, %struct.block_device_operations.258127** %668, align 8 %670 = getelementptr inbounds %struct.block_device_operations.258127, %struct.block_device_operations.258127* %669, i64 0, i32 3 %671 = load i32 (%struct.block_device.258298*, i32, i32, i64)*, i32 (%struct.block_device.258298*, i32, i32, i64)** %670, align 8 %672 = icmp eq i32 (%struct.block_device.258298*, i32, i32, i64)* %671, null br i1 %672, label %675, label %673 %674 = tail call i32 %671(%struct.block_device.258298* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Use: =BAD 
PATH= Call Stack: 0 blkdev_ioctl 1 block_ioctl ------------- Path:  Function:block_ioctl %4 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %0, i64 0, i32 19 %5 = load %struct.address_space.133508*, %struct.address_space.133508** %4, align 8 %6 = getelementptr inbounds %struct.address_space.133508, %struct.address_space.133508* %5, i64 0, i32 0 %7 = load %struct.inode.133641*, %struct.inode.133641** %6, align 8 %8 = getelementptr %struct.inode.133641, %struct.inode.133641* %7, i64 -1, i32 40 %9 = bitcast %struct.address_space.133508* %8 to %struct.block_device.133500* %10 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %0, i64 0, i32 8 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.file.133631, %struct.file.133631* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = and i32 %11, -65 %15 = lshr i32 %13, 5 %16 = and i32 %15, 64 %17 = or i32 %16, %14 %18 = tail call i32 bitcast (i32 (%struct.block_device.258298*, i32, i32, i64)* @blkdev_ioctl to i32 (%struct.block_device.133500*, i32, i32, i64)*)(%struct.block_device.133500* %9, i32 %17, i32 %1, i64 %2) #69 Function:blkdev_ioctl %5 = alloca %struct.trampoline_header, align 8 %6 = alloca %struct.trampoline_header, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.arch_uprobe_task, align 8 %9 = alloca %struct.trampoline_header, align 8 %10 = alloca %struct.nfs4_label, align 8 %11 = alloca %struct.blkpg_partition, align 8 %12 = alloca %struct.disk_part_iter, align 8 %13 = alloca %struct.block_device.258298*, align 8 %14 = alloca %struct.arch_uprobe_task, align 8 %15 = alloca %struct.hd_geometry, align 8 %16 = alloca [2 x i64], align 16 switch i32 %2, label %665 [ i32 4705, label %17 i32 4701, label %31 i32 4727, label %55 i32 4733, label %57 i32 4735, label %59 i32 -1072688510, label %675 i32 1074795139, label %675 i32 769, label %93 i32 4707, label %120 i32 4709, label %120 i32 4702, label %132 i32 -2146954640, label %138 i32 
4712, label %143 i32 4731, label %158 i32 4728, label %167 i32 4729, label %176 i32 4730, label %185 i32 4732, label %210 i32 4711, label %213 i32 4734, label %224 i32 4706, label %237 i32 4708, label %237 i32 1074270833, label %245 i32 4713, label %277 i32 4703, label %426 i32 4704, label %451 i32 -2146954638, label %460 i32 4724, label %468 i32 4725, label %468 i32 -1069018509, label %468 i32 4726, label %468 i32 1075343560, label %471 i32 1074819273, label %503 i32 1074819274, label %535 i32 1075343563, label %567 i32 1075343564, label %601 i32 1074819277, label %635 ] %666 = getelementptr inbounds %struct.block_device.258298, %struct.block_device.258298* %0, i64 0, i32 16 %667 = load %struct.gendisk.258180*, %struct.gendisk.258180** %666, align 8 %668 = getelementptr inbounds %struct.gendisk.258180, %struct.gendisk.258180* %667, i64 0, i32 9 %669 = load %struct.block_device_operations.258127*, %struct.block_device_operations.258127** %668, align 8 %670 = getelementptr inbounds %struct.block_device_operations.258127, %struct.block_device_operations.258127* %669, i64 0, i32 3 %671 = load i32 (%struct.block_device.258298*, i32, i32, i64)*, i32 (%struct.block_device.258298*, i32, i32, i64)** %670, align 8 %672 = icmp eq i32 (%struct.block_device.258298*, i32, i32, i64)* %671, null br i1 %672, label %675, label %673 %674 = tail call i32 %671(%struct.block_device.258298* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Check callee group: sr_get_last_session Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: serial8250_get_mctrl Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: proc_tgid_base_lookup nfs_lookup ext4_lookup msdos_lookup 
proc_tid_base_lookup proc_lookupfd autofs_lookup isofs_lookup proc_map_files_lookup proc_tgid_net_lookup bad_inode_lookup kernfs_iop_lookup empty_dir_lookup proc_sys_lookup proc_lookup simple_lookup proc_root_lookup vfat_lookup proc_task_lookup proc_attr_dir_lookup proc_lookupfdinfo proc_ns_dir_lookup Check callee group: sr_packet Check callee group: fifo_init Check callee group: mq_find Check callee group: security_shm_associate security_msg_queue_associate security_sem_associate Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: sr_lock_door Check callee group: random_read_iter hugetlbfs_read_iter urandom_read_iter blkdev_read_iter ext4_file_read_iter generic_file_read_iter pipe_read read_iter_zero shmem_file_read_iter nfs_file_read sock_read_iter read_iter_null Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: sr_lock_door Check callee group: sr_packet Check callee group: mq_find Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: n_null_open n_tty_open serport_ldisc_open Check callee group: sr_tray_move Check callee group: sr_packet Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: sr_tray_move Check callee group: sr_tray_move Check callee group: sr_tray_move Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: ipip6_dellink Check callee group: sr_tray_move Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: random_read_iter hugetlbfs_read_iter urandom_read_iter blkdev_read_iter ext4_file_read_iter generic_file_read_iter pipe_read read_iter_zero shmem_file_read_iter nfs_file_read sock_read_iter read_iter_null Check callee group: fifo_init Check callee group: fifo_init Check callee group: aio_complete_rw Check callee group: sr_packet Check callee group: serial8250_release_port Check callee group: sr_check_events Check callee group: 
sr_packet Check callee group: lo_ioctl sr_block_ioctl sd_ioctl dm_blk_ioctl md_ioctl Check callee group: serial8250_pm Check callee group: fifo_init Check callee group: nfs_swap_activate Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: sr_packet Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 period_store ------------- Path:  Function:period_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = getelementptr inbounds %struct.device.536, %struct.device.536* %0, i64 0, i32 9 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 976 %9 = bitcast i8* %8 to %struct.ptp_clock_info.530675** %10 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %9, align 8 %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %12, align 8 %13 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 1 %16 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %17 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %18 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.6.49169, i64 0, i64 0), i32* %13, i64* %14, i32* %15, i64* %16, i32* %17) #69 %19 = icmp eq i32 %18, 5 br i1 %19, label %20, label %36 %21 = load i32, i32* %13, align 8 %22 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %10, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %21, %23 br i1 %24, label %25, label %36 %26 = load i64, i64* %16, align 8 %27 = icmp ne i64 %26, 0 %28 = load i32, i32* %17, align 8 %29 = icmp ne i32 %28, 0 %30 = or i1 %27, %29 %31 = zext i1 %30 to i32 %32 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %10, i64 0, i32 15 %33 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %32, align 8 %34 = call i32 %33(%struct.ptp_clock_info.530675* %10, %struct.ptp_clock_request* nonnull %5, i32 %31) #70 ------------- Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 extts_enable_store ------------- Path:  Function:extts_enable_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device.536, %struct.device.536* %0, i64 0, i32 9 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds i8, i8* %8, i64 976 %10 = bitcast i8* %9 to %struct.ptp_clock_info.530675** %11 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %10, align 8 %12 = bitcast %struct.ptp_clock_request* %5 to i8* %13 = bitcast i32* %6 to i8* %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %15 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.2.49173, i64 0, i64 0), %union.anon.133.485095* %14, i32* nonnull %6) #69 %16 = icmp eq i32 %15, 2 br i1 %16, label %17, label %31 %18 = bitcast %union.anon.133.485095* %14 to i32* %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %11, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %19, %21 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %11, i64 0, i32 15 %25 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %24, align 8 %26 = load i32, i32* %6, align 4 %27 = icmp ne i32 %26, 0 %28 = zext i1 %27 to i32 %29 = call i32 %25(%struct.ptp_clock_info.530675* %11, %struct.ptp_clock_request* nonnull %5, i32 %28) #70 ------------- Check callee group: sr_packet Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: serial8250_request_port Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: sr_packet Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, i64 0, i32 0, i64 0 %14 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, 
%struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 = bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 1080048903, label %222 ] %51 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %52 = bitcast %union.anon.133.485095* %51 to %struct.ptp_extts_request* %53 = bitcast %union.anon.133.485095* %51 to i8* %54 = inttoptr i64 %2 to i8* %55 = call i64 @_copy_from_user(i8* %53, i8* %54, i64 16) #69 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %248 %58 = bitcast %union.anon.133.485095* %51 to i32* %59 = load i32, i32* %58, align 8 %60 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 4 %61 = load i32, i32* %60, align 8 %62 = icmp ult i32 %59, %61 br i1 %62, label %63, label %248 %64 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 0, i32* %64, align 8 %65 = getelementptr inbounds %struct.ptp_extts_request, %struct.ptp_extts_request* %52, i64 0, i32 1 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1 %68 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 15 %69 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %68, align 8 %70 = call i32 %69(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %67) #69 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl 1 posix_clock_ioctl ------------- Path:  
Function:posix_clock_ioctl %4 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.posix_clock** %6 = load %struct.posix_clock*, %struct.posix_clock** %5, align 8 %7 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 3 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.685*)*)(%struct.rw_semaphore.685* %7) #69 %8 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 4 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %21 %12 = icmp eq %struct.posix_clock* %6, null br i1 %12, label %23, label %13 %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 0, i32 5 %15 = load i64 (%struct.posix_clock*, i32, i64)*, i64 (%struct.posix_clock*, i32, i64)** %14, align 8 %16 = icmp eq i64 (%struct.posix_clock*, i32, i64)* %15, null br i1 %16, label %21, label %17 %18 = tail call i64 %15(%struct.posix_clock* nonnull %6, i32 %1, i64 %2) #69 Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, i64 0, i32 0, i64 0 %14 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 
= bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 1080048903, label %222 ] %51 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %52 = bitcast %union.anon.133.485095* %51 to %struct.ptp_extts_request* %53 = bitcast %union.anon.133.485095* %51 to i8* %54 = inttoptr i64 %2 to i8* %55 = call i64 @_copy_from_user(i8* %53, i8* %54, i64 16) #69 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %248 %58 = bitcast %union.anon.133.485095* %51 to i32* %59 = load i32, i32* %58, align 8 %60 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 4 %61 = load i32, i32* %60, align 8 %62 = icmp ult i32 %59, %61 br i1 %62, label %63, label %248 %64 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 0, i32* %64, align 8 %65 = getelementptr inbounds %struct.ptp_extts_request, %struct.ptp_extts_request* %52, i64 0, i32 1 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1 %68 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 15 %69 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %68, align 8 %70 = call i32 %69(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %67) #69 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl 1 posix_clock_compat_ioctl ------------- Path:  Function:posix_clock_compat_ioctl %4 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.posix_clock** %6 = load %struct.posix_clock*, %struct.posix_clock** %5, align 8 %7 = getelementptr inbounds %struct.posix_clock, 
%struct.posix_clock* %6, i64 0, i32 3 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.685*)*)(%struct.rw_semaphore.685* %7) #69 %8 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 4 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %21 %12 = icmp eq %struct.posix_clock* %6, null br i1 %12, label %23, label %13 %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 0, i32 5 %15 = load i64 (%struct.posix_clock*, i32, i64)*, i64 (%struct.posix_clock*, i32, i64)** %14, align 8 %16 = icmp eq i64 (%struct.posix_clock*, i32, i64)* %15, null br i1 %16, label %21, label %17 %18 = tail call i64 %15(%struct.posix_clock* nonnull %6, i32 %1, i64 %2) #69 Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, i64 0, i32 0, i64 0 %14 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 = bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 
1080048903, label %222 ] %51 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %52 = bitcast %union.anon.133.485095* %51 to %struct.ptp_extts_request* %53 = bitcast %union.anon.133.485095* %51 to i8* %54 = inttoptr i64 %2 to i8* %55 = call i64 @_copy_from_user(i8* %53, i8* %54, i64 16) #69 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %248 %58 = bitcast %union.anon.133.485095* %51 to i32* %59 = load i32, i32* %58, align 8 %60 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 4 %61 = load i32, i32* %60, align 8 %62 = icmp ult i32 %59, %61 br i1 %62, label %63, label %248 %64 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 0, i32* %64, align 8 %65 = getelementptr inbounds %struct.ptp_extts_request, %struct.ptp_extts_request* %52, i64 0, i32 1 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1 %68 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 15 %69 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %68, align 8 %70 = call i32 %69(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %67) #69 ------------- Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, 
i64 0, i32 0, i64 0 %14 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 = bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 1080048903, label %222 ] %72 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0 %73 = bitcast %struct.ptp_perout_request* %72 to i8* %74 = inttoptr i64 %2 to i8* %75 = call i64 @_copy_from_user(i8* %73, i8* %74, i64 56) #69 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %248 %78 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 5 %81 = load i32, i32* %80, align 4 %82 = icmp ult i32 %79, %81 br i1 %82, label %83, label %248 %84 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %84, align 8 %85 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %86 = load i64, i64* %85, align 8 %87 = icmp ne i64 %86, 0 %88 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %89 = load i32, i32* %88, align 8 %90 = icmp ne i32 %89, 0 %91 = or i1 %87, %90 %92 = zext i1 %91 to i32 %93 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 
15 %94 = load i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %93, align 8 %95 = call i32 %94(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %92) #69 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl 1 posix_clock_ioctl ------------- Path:  Function:posix_clock_ioctl %4 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.posix_clock** %6 = load %struct.posix_clock*, %struct.posix_clock** %5, align 8 %7 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 3 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.685*)*)(%struct.rw_semaphore.685* %7) #69 %8 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 4 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %21 %12 = icmp eq %struct.posix_clock* %6, null br i1 %12, label %23, label %13 %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 0, i32 5 %15 = load i64 (%struct.posix_clock*, i32, i64)*, i64 (%struct.posix_clock*, i32, i64)** %14, align 8 %16 = icmp eq i64 (%struct.posix_clock*, i32, i64)* %15, null br i1 %16, label %21, label %17 %18 = tail call i64 %15(%struct.posix_clock* nonnull %6, i32 %1, i64 %2) #69 Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, i64 0, i32 0, i64 0 %14 = bitcast 
%struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 = bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 1080048903, label %222 ] %72 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0 %73 = bitcast %struct.ptp_perout_request* %72 to i8* %74 = inttoptr i64 %2 to i8* %75 = call i64 @_copy_from_user(i8* %73, i8* %74, i64 56) #69 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %248 %78 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 5 %81 = load i32, i32* %80, align 4 %82 = icmp ult i32 %79, %81 br i1 %82, label %83, label %248 %84 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %84, align 8 %85 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %86 = load i64, i64* %85, align 8 %87 = icmp ne i64 %86, 0 %88 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %89 = load i32, i32* %88, align 8 %90 = icmp ne i32 %89, 0 %91 = or i1 %87, %90 %92 = zext i1 %91 to i32 %93 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 15 %94 = load i32 
(%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %93, align 8 %95 = call i32 %94(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %92) #69 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl 1 posix_clock_compat_ioctl ------------- Path:  Function:posix_clock_compat_ioctl %4 = getelementptr inbounds %struct.file.725, %struct.file.725* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.posix_clock** %6 = load %struct.posix_clock*, %struct.posix_clock** %5, align 8 %7 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 3 tail call void bitcast (void (%struct.rw_semaphore.1574*)* @down_read to void (%struct.rw_semaphore.685*)*)(%struct.rw_semaphore.685* %7) #69 %8 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 4 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %21 %12 = icmp eq %struct.posix_clock* %6, null br i1 %12, label %23, label %13 %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %6, i64 0, i32 0, i32 5 %15 = load i64 (%struct.posix_clock*, i32, i64)*, i64 (%struct.posix_clock*, i32, i64)** %14, align 8 %16 = icmp eq i64 (%struct.posix_clock*, i32, i64)* %15, null br i1 %16, label %21, label %17 %18 = tail call i64 %15(%struct.posix_clock* nonnull %6, i32 %1, i64 %2) #69 Function:ptp_ioctl %4 = alloca %struct.ptp_clock_caps, align 4 %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca %struct.ptp_sys_offset_precise, align 8 %7 = alloca %struct.ptp_pin_desc, align 4 %8 = alloca %struct.anon.48, align 8 %9 = alloca %struct.task_cputime, align 8 %10 = bitcast %struct.ptp_clock_caps* %4 to i8* %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = bitcast %struct.ptp_sys_offset_precise* %6 to i8* %13 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %7, i64 0, i32 0, i64 0 %14 = bitcast 
%struct.posix_clock* %0 to %struct.ptp_clock* %15 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 2 %16 = bitcast i32 (%struct.posix_clock*, %struct.anon.48*)** %15 to %struct.ptp_clock_info.530675** %17 = load %struct.ptp_clock_info.530675*, %struct.ptp_clock_info.530675** %16, align 8 %18 = bitcast %struct.anon.48* %8 to i8* %19 = bitcast %struct.task_cputime* %9 to i8* switch i32 %1, label %248 [ i32 -2142225151, label %20 i32 1074806018, label %50 i32 1077427459, label %71 i32 1074019588, label %96 i32 -1069531896, label %105 i32 1128283397, label %143 i32 -1067434746, label %194 i32 1080048903, label %222 ] %72 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0 %73 = bitcast %struct.ptp_perout_request* %72 to i8* %74 = inttoptr i64 %2 to i8* %75 = call i64 @_copy_from_user(i8* %73, i8* %74, i64 56) #69 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %248 %78 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 5 %81 = load i32, i32* %80, align 4 %82 = icmp ult i32 %79, %81 br i1 %82, label %83, label %248 %84 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %84, align 8 %85 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %86 = load i64, i64* %85, align 8 %87 = icmp ne i64 %86, 0 %88 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %89 = load i32, i32* %88, align 8 %90 = icmp ne i32 %89, 0 %91 = or i1 %87, %90 %92 = zext i1 %91 to i32 %93 = getelementptr inbounds %struct.ptp_clock_info.530675, %struct.ptp_clock_info.530675* %17, i64 0, i32 15 %94 = load i32 
(%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.530675*, %struct.ptp_clock_request*, i32)** %93, align 8 %95 = call i32 %94(%struct.ptp_clock_info.530675* %17, %struct.ptp_clock_request* nonnull %5, i32 %92) #69 ------------- Check callee group: serial8250_get_mctrl Check callee group: ipip6_newlink Check callee group: serial8250_pm Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: mq_find Check callee group: sr_packet Check callee group: ipip6_dellink Check callee group: sr_lock_door Check callee group: mq_find Check callee group: tcp_release_cb ip4_datagram_release_cb ip6_datagram_release_cb Check callee group: mq_select_queue Check callee group: tcp_abort raw_abort udp_abort Check callee group: mq_find Check callee group: aio_complete_rw Check callee group: mq_find Check callee group: mq_find Check callee group: nfs_weak_revalidate Check callee group: nfs_weak_revalidate Check callee group: nfs_weak_revalidate Check callee group: serial8250_config_port Check callee group: nfs_umount_begin Check callee group: nfs_weak_revalidate Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: sd_pr_preempt dm_pr_preempt Use: =BAD PATH= Call Stack: 0 dm_pr_preempt ------------- Path:  Function:dm_pr_preempt %6 = alloca %struct.block_device.534326*, align 8 %7 = alloca i32, align 4 store %struct.block_device.534326* %0, %struct.block_device.534326** %6, align 8 %8 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %0, i64 0, i32 16 %9 = load %struct.gendisk.534333*, %struct.gendisk.534333** %8, align 8 %10 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.mapped_device** %12 = load %struct.mapped_device*, %struct.mapped_device** %11, align 8 %13 = bitcast i32* %7 to i8* %14 = call fastcc i32 
@dm_prepare_ioctl(%struct.mapped_device* %12, i32* nonnull %7, %struct.block_device.534326** nonnull %6) #69 %15 = icmp slt i32 %14, 0 br i1 %15, label %31, label %16 %17 = load %struct.block_device.534326*, %struct.block_device.534326** %6, align 8 %18 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %17, i64 0, i32 16 %19 = load %struct.gendisk.534333*, %struct.gendisk.534333** %18, align 8 %20 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %19, i64 0, i32 9 %21 = load %struct.block_device_operations.534329*, %struct.block_device_operations.534329** %20, align 8 %22 = getelementptr inbounds %struct.block_device_operations.534329, %struct.block_device_operations.534329* %21, i64 0, i32 12 %23 = load %struct.pr_ops.534328*, %struct.pr_ops.534328** %22, align 8 %24 = icmp eq %struct.pr_ops.534328* %23, null br i1 %24, label %31, label %25 %26 = getelementptr inbounds %struct.pr_ops.534328, %struct.pr_ops.534328* %23, i64 0, i32 3 %27 = load i32 (%struct.block_device.534326*, i64, i64, i32, i1)*, i32 (%struct.block_device.534326*, i64, i64, i32, i1)** %26, align 8 %28 = icmp eq i32 (%struct.block_device.534326*, i64, i64, i32, i1)* %27, null br i1 %28, label %31, label %29 %30 = call i32 %27(%struct.block_device.534326* %17, i64 %1, i64 %2, i32 %3, i1 zeroext %4) #70 ------------- Check callee group: sr_audio_ioctl Check callee group: sr_audio_ioctl Check callee group: sr_audio_ioctl Check callee group: do_ipt_get_ctl do_ip6t_get_ctl Check callee group: ipip6_dellink Check callee group: sr_audio_ioctl Check callee group: serial8250_request_port Check callee group: serial8250_request_port Check callee group: sd_pr_preempt dm_pr_preempt Check callee group: aio_complete_rw Check callee group: mq_walk Check callee group: sr_packet Check callee group: mq_walk Check callee group: tid_fd_revalidate vfat_revalidate kernfs_dop_revalidate nfs_lookup_revalidate nfs4_lookup_revalidate proc_net_d_revalidate 
proc_sys_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate pid_revalidate Check callee group: mq_walk Check callee group: n_null_close n_tty_close serport_ldisc_close Check callee group: sr_lock_door Check callee group: sr_lock_door Check callee group: mq_leaf Check callee group: devkmsg_write random_write_iter blkdev_write_iter ext4_file_write_iter write_iter_null pipe_write generic_file_write_iter sock_write_iter nfs_file_write Check callee group: devkmsg_write random_write_iter blkdev_write_iter ext4_file_write_iter write_iter_null pipe_write generic_file_write_iter sock_write_iter nfs_file_write Check callee group: sd_pr_clear dm_pr_clear Use: =BAD PATH= Call Stack: 0 dm_pr_clear ------------- Path:  Function:dm_pr_clear %3 = alloca %struct.block_device.534326*, align 8 %4 = alloca i32, align 4 store %struct.block_device.534326* %0, %struct.block_device.534326** %3, align 8 %5 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %0, i64 0, i32 16 %6 = load %struct.gendisk.534333*, %struct.gendisk.534333** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %6, i64 0, i32 11 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = bitcast i32* %4 to i8* %11 = call fastcc i32 @dm_prepare_ioctl(%struct.mapped_device* %9, i32* nonnull %4, %struct.block_device.534326** nonnull %3) #69 %12 = icmp slt i32 %11, 0 br i1 %12, label %28, label %13 %14 = load %struct.block_device.534326*, %struct.block_device.534326** %3, align 8 %15 = getelementptr inbounds %struct.block_device.534326, %struct.block_device.534326* %14, i64 0, i32 16 %16 = load %struct.gendisk.534333*, %struct.gendisk.534333** %15, align 8 %17 = getelementptr inbounds %struct.gendisk.534333, %struct.gendisk.534333* %16, i64 0, i32 9 %18 = load %struct.block_device_operations.534329*, %struct.block_device_operations.534329** %17, align 8 %19 = 
getelementptr inbounds %struct.block_device_operations.534329, %struct.block_device_operations.534329* %18, i64 0, i32 12 %20 = load %struct.pr_ops.534328*, %struct.pr_ops.534328** %19, align 8 %21 = icmp eq %struct.pr_ops.534328* %20, null br i1 %21, label %28, label %22 %23 = getelementptr inbounds %struct.pr_ops.534328, %struct.pr_ops.534328* %20, i64 0, i32 4 %24 = load i32 (%struct.block_device.534326*, i64)*, i32 (%struct.block_device.534326*, i64)** %23, align 8 %25 = icmp eq i32 (%struct.block_device.534326*, i64)* %24, null br i1 %25, label %28, label %26 %27 = call i32 %24(%struct.block_device.534326* %14, i64 %1) #70 ------------- Check callee group: sock_def_write_space xs_tcp_write_space unix_write_space svc_write_space xs_udp_write_space Check callee group: mq_walk Check callee group: devkmsg_write random_write_iter blkdev_write_iter ext4_file_write_iter write_iter_null pipe_write generic_file_write_iter sock_write_iter nfs_file_write Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: devkmsg_write random_write_iter blkdev_write_iter ext4_file_write_iter write_iter_null pipe_write generic_file_write_iter sock_write_iter nfs_file_write Check callee group: sd_pr_register dm_pr_register Good: 368 Bad: 16 Ignored: 241 Thread 0 Done! 
STOP WATCH[0]: 1020964.846000 ms =NON-Kernel Init Functions= __x64_sys_timerfd_settime __ia32_sys_timerfd_settime trace_vbprintk trace_seq_bprintf trace_bprint_raw ip_options_compile ipv4_link_failure cipso_v4_error genl_rcv nlmsg_notify nfnetlink_send lwt_in_func_proto lwt_xmit_func_proto rtnl_newlink do_setlink rtnl_setlink unix_dgram_sendmsg md_compat_ioctl rtnetlink_init __x64_sys_shmctl ksys_shmctl __ia32_sys_shmctl __ia32_compat_sys_shmctl vfs_setlease ipv6_setsockopt inet6_bind __x64_sys_ioperm __ia32_sys_ioperm __x64_sys_mremap __se_sys_mremap __ia32_sys_mremap do_ip_setsockopt ata_scsi_ioctl __ia32_sys_umount __x64_sys_oldumount inet_bind cn_proc_init snapshot_compat_ioctl ksys_mount __ia32_sys_mount __ia32_compat_sys_mount alloc_file_clone __ia32_sys_ioctl drm_ioctl drm_open __x64_sys_chroot __ia32_sys_chroot hpet_compat_ioctl hpet_ioctl vt_ioctl tty_open __x64_sys_setsockopt __ia32_sys_setsockopt __sys_setsockopt __se_sys_socketcall xs_tcp_set_socket_timeouts xs_tcp_send_request xs_tcp_setup_socket xs_udp_setup_socket svc_addsock svc_setup_socket svc_tcp_create __compat_sys_setsockopt __ia32_compat_sys_socketcall tcp_congestion_default i915_gem_userptr_dmabuf_export tty_ldisc_reinit tty_ldisc_hangup aio_write __x64_sys_io_submit aio_read n_tty_ioctl_helper n_tty_compat_ioctl_helper __x64_sys_mbind __ia32_compat_sys_mbind load_elf_binary load_elf_binary.15697 load_elf_library __x64_sys_mlockall __ia32_sys_mlockall drm_legacy_addbufs lo_ioctl lo_compat_ioctl packet_sendmsg_spkt __x64_sys_seccomp __ia32_sys_seccomp __x64_sys_setuid __ia32_sys_setuid __x64_sys_setuid16 modify_user_hw_breakpoint __ia32_sys_pivot_root __x64_sys_kexec_load __x64_sys_acct __ia32_sys_acct __ia32_compat_sys_adjtimex posix_clock_realtime_adj vfs_dedupe_file_range __ia32_sys_quotactl vmf_insert_mixed_mkwrite __vm_insert_mixed vm_insert_mixed vm_iomap_memory snd_pcm_lib_mmap_iomem pci_mmap_page_range pci_mmap_resource_wc pci_mmap_resource_uc snd_pcm_mmap_data remap_pfn_range 
snd_pcm_lib_default_mmap vm_insert_pfn_prot vm_insert_pfn vvar_fault set_default_qdisc __x64_sys_remap_file_pages __ia32_sys_remap_file_pages oom_score_adj_write oom_adj_write ext4_claim_free_clusters __x64_sys_migrate_pages __x64_sys_keyctl __se_sys_keyctl __ia32_sys_keyctl ip_setsockopt compat_ip_setsockopt __x64_sys_delete_module autofs_root_compat_ioctl autofs_root_ioctl ptrace_may_access simple_set_acl __ia32_compat_sys_migrate_pages __se_sys_ptrace __ia32_sys_ptrace ptrace_attach __ia32_compat_sys_ptrace vfs_rmdir vfs_rename __ia32_compat_sys_keyctl semctl_down kmsg_release kmsg_open kmsg_poll kmsg_read __x64_sys_init_module __ia32_sys_init_module __x64_sys_mlock __ia32_sys_mlock __x64_sys_mlock2 __ia32_sys_mlock2 vfs_path_lookup filename_lookup path_lookupat __ia32_sys_mkdirat __x64_sys_symlinkat do_symlinkat __x64_sys_rmdir do_rmdir do_symlink clean_path __x64_sys_unlinkat __ia32_sys_unlinkat __x64_sys_unlink __ia32_sys_unlink user_path_at_empty emulate_vsyscall __bad_area_nosemaphore pci_mmap_resource_range mm_fault_error do_page_fault syscall_trace_enter do_syscall_64 do_int80_syscall_32 do_signal ip_options_get_from_user prepare_exit_to_usermode do_fast_syscall_32 __ia32_sys_renameat2 do_renameat2 path_mountpoint user_path_mountpoint_at link_path_walk do_file_open_root uevent_net_rcv lookup_one_len_unlocked sel_write_user ksys_msgget __x64_sys_msgget ip_cmsg_send __ia32_sys_msgget ksys_semget ipcget __ia32_sys_semget msgctl_stat ksys_msgsnd __x64_sys_msgsnd compat_ksys_msgsnd do_msgsnd __x64_sys_msgrcv do_msgrcv uart_port_activate __ia32_compat_sys_msgrcv selinux_inode_getsecctx ksys_semctl ksys_semtimedop compat_ksys_semtimedop __ia32_compat_sys_semtimedop __x64_sys_semop __ia32_sys_semop perf_trace_init perf_uprobe_init __x64_sys_sched_setaffinity __ia32_compat_sys_sched_setaffinity mqueue_create_attr __x64_sys_mq_open proc_loginuid_write sock_do_ioctl compat_sock_ioctl __x64_sys_sethostname __ia32_sys_sethostname __x64_sys_setdomainname 
__ia32_sys_setdomainname sg_ioctl sg_new_write __x64_sys_setresuid __x64_sys_setresuid16 __ia32_compat_sys_setrlimit __ia32_sys_prlimit64 __x64_sys_setrlimit __ia32_sys_setrlimit __ia32_sys_setregid __x64_sys_setregid16 __ia32_sys_setregid16 hsw_hw_config do_pipe_flags __x64_sys_pipe2 __ia32_sys_pipe2 __x64_sys_pipe create_pipe_files __do_pipe_flags do_pipe2 __x64_sys_setreuid __ia32_sys_setreuid __ia32_sys_setreuid16 scsi_cmd_blk_ioctl cdrom_ioctl __x64_sys_prctl __ia32_sys_setfsgid __x64_sys_setfsgid16 __ia32_sys_setfsgid16 __x64_sys_setfsuid __ia32_sys_setgid16 __x64_sys_timerfd_create __x64_sys_setxattr path_setxattr __vfs_setxattr_locked setxattr __se_sys_fsetxattr __ia32_sys_fsetxattr __x64_sys_removexattr __ia32_sys_removexattr __x64_sys_lremovexattr path_removexattr __ia32_sys_lremovexattr __x64_sys_fremovexattr __vfs_removexattr_locked vfs_removexattr __se_sys_remap_file_pages __se_sys_fremovexattr __ia32_sys_fremovexattr __se_sys_brk __ia32_sys_getxattr __ia32_sys_brk __x64_sys_lgetxattr vfs_getxattr __x64_sys_brk getxattr vfs_getxattr_alloc kill_pid ctrl_alt_del group_send_sig_info it_real_fn __ia32_sys_kill __x64_sys_tgkill __ia32_sys_tgkill __x64_sys_tkill do_tkill __ia32_sys_tkill __x64_sys_rt_sigqueueinfo __x64_sys_epoll_ctl __ia32_sys_rt_sigqueueinfo __x64_sys_rt_tgsigqueueinfo __ia32_sys_rt_tgsigqueueinfo __x64_sys_setresgid __ia32_sys_setresgid __x64_sys_setresgid16 perf_event_create_kernel_counter msgctl_down __x64_sys_perf_event_open __se_sys_perf_event_open __ia32_sys_perf_event_open perf_ioctl __x64_sys_setgroups16 __se_sys_setgroups16 rcu_spawn_gp_kthread sched_set_stop_task cpu_stop_create __se_sys_sched_setscheduler __ia32_sys_sched_setscheduler __x64_sys_sched_setparam __ia32_sys_sched_setparam __x64_sys_sched_setattr __se_sys_sched_setattr normalize_rt_tasks sysrq_handle_unrt __x64_sys_mount mount_single __x64_sys_pivot_root do_rt_tgsigqueueinfo mount_ns mount_nodev mount_bdev expand_stack compat_do_ipt_get_ctl __ia32_compat_sys_x86_clone 
call_usermodehelper_exec_work __x64_sys_vfork compat_do_ip6t_get_ctl ext4_compat_ioctl __x64_sys_msgctl __ia32_sys_msgctl __ia32_compat_sys_msgctl compat_ksys_msgctl __ia32_sys_linkat __x64_sys_open_by_handle_at __ia32_compat_sys_open_by_handle_at skb_tstamp_tx unmap_pmd_range populate_pmd kcalloc.26580 acpi_tb_create_local_fadt rmqueue_bulk lruvec_init __absent_pages_in_range inherit_event calc_load_nohz_start cpu_load_update_nohz_start calc_load_nohz_stop sched_idle_set_state account_idle_ticks pcpu_cnt_pop_pages try_to_compact_pages adjust_zone_range_for_zone_movable acpi_irq_stats_init acpi_os_table_override printk_percpu_data_ready acpi_gsi_to_irq cpu_load_update_nohz_stop populate_pgd track_pfn_copy copy_hugetlb_page_range __next_mem_range_rev acpi_tb_parse_fadt huge_pmd_share blk_mq_try_issue_list_directly move_freepages_block svc_tcp_accept rmqueue_pcplist try_to_free_pages init_entity_runnable_average ip4_string in_task_stack blk_mq_sched_insert_requests parse_options.30213 svc_udp_create earlycon_init __ia32_sys_semtimedop tty_jobctrl_ioctl zone_spanned_pages_in_node __x64_sys_semtimedop zone_pcp_init dev_hard_start_xmit fpu__copy audit_mark_compare perf_kprobe_init ia32_classify_syscall mq_init_ns sem_init_ns free_ipcs stop_machine_unpark blk_mq_do_dispatch_ctx put_pwq load_ucode_intel_ap sync_global_pgds hugetlb_cow pgdat_init_internals shm_init_ns swapin_readahead acpi_ns_install_node acpi_ev_gpe_initialize should_reclaim_retry __alloc_pages_direct_compact acpi_tb_get_next_table_descriptor wakeup_kswapd __memblock_find_range_top_down pcpu_block_update_hint_alloc acpi_os_install_interrupt_handler copy_page_range __init_cache_modes acpi_tb_verify_checksum __x64_sys_linkat __dump_page mce_gen_pool_init __se_sys_prctl __perf_event_task_sched_out post_init_entity_util_avg hrtimer_get_next_event find_mergeable sched_setscheduler dev_pm_qos_constraints_destroy validate_xmit_skb_list acpi_ev_install_sci_handler in_entry_stack acpi_ns_create_node __clk_get_name 
flush_tlb_all __split_large_page __cpa_process_fault __ia32_sys_swapoff get_xps_queue dl_change_utilization pmd_free_pte_page _set_memory_wb kcalloc.13011 printk_safe_log_store get_links __mcheck_cpu_cap_init pud_set_huge acpi_tb_validate_temp_table mtrr_type_lookup_variable _set_memory_wt unreserve_highatomic_pageblock srcu_funnel_exp_start sk_filter_uncharge audit_serial dump_cpu_task show_swap_cache_info __x64_sys_setgid16 hugetlb_show_meminfo uprobe_end_dup_mmap ldt_dup_context ___pud_free_tlb ___pte_free_tlb do_linkat dump_page anon_vma_fork __ia32_sys_lgetxattr find_mergeable_anon_vma uprobe_dup_mmap uprobe_start_dup_mmap acpi_ut_create_update_state security_sb_kern_mount kzalloc.23917 acpi_os_get_root_pointer tick_unfreeze __x64_sys_getxattr unlink_file_vma __memblock_find_range_bottom_up _set_memory_wc netlink_proto_init huge_pte_alloc tick_suspend_broadcast kthread_probe_data page_move_anon_rmap __x64_sys_ioctl wp_page_copy finish_mkwrite_fault wb_stat_error migration_entry_wait_huge __swap_count ip6_compressed_string swp_swap_info putback_inactive_pages plist_requeue sbitmap_get_shallow sprint_backtrace ldt_arch_exit_mmap seq_buf_bprintf __mmu_notifier_release rmqueue node_reclaim node_dirty_ok lruvec_lru_size get_cached_acl_rcu posix_acl_permission update_vsyscall next_arg kernfs_new_node crash_save_vmcoreinfo restricted_pointer acpi_tb_override_table purge_fragmented_blocks_allcpus acpi_tb_release_temp_table flush_workqueue_prep_pwqs kill_pgrp anon_vma_interval_tree_iter_first page_get_anon_vma test_clear_page_writeback anon_vma_interval_tree_iter_next move_hugetlb_state account_page_cleaned acpi_ev_init_global_lock_handler tick_nohz_idle_exit percpu_counter_set audit_alloc find_css_set link_css_set zone_reclaimable_pages load_ucode_amd_ap acpi_tb_acquire_temp_table load_mm_ldt.1963 acpi_hw_validate_register __kernel_text_address __up get_callchain_buffers pti_user_pagetable_walk_pmd free_pages_and_swap_cache __e820__mapped_all unmap_vmas copy_cgroup_ns 
pud_clear_huge register_earlycon calculate_node_totalpages acpi_ut_validate_exception dequeue_skb kprobe_flush_task __unmap_hugepage_range_final kobj_kset_leave native_flush_tlb_others __checkparam_dl radix_tree_node_alloc __ia32_sys_setfsuid16 __perf_event_task_sched_in __dl_clear_params irq_setup_affinity free_vm_area acpi_find_root_pointer arch_get_random_long pm_qos_update_flags kmalloc_slab console_flush_on_panic copy_thread_tls audit_classify_syscall nohz_balance_enter_idle sched_fork perf_try_init_event perf_event_init_task uprobe_clear_state __alloc_bucket_spinlocks copy_pid_ns copy_namespaces radix_tree_tag_get cgroup_can_fork proc_fork_connector mq_clear_sbinfo acpi_os_allocate_zeroed.27496 do_smart_wakeup_zero audit_tree_match auditsc_get_stamp add_swap_count_continuation audit_string_contains_control perf_event_free_task arch_cpu_idle_prepare rcu_needs_cpu tick_nohz_idle_enter __dec_node_state rcu_report_dead acpi_tb_initialize_facs cpuhp_report_idle_dead lwt_seg6local_func_proto cpu_idle_poll cpuidle_enter_s2idle cpuidle_find_deepest_state rq_qos_done arch_cpu_idle_exit __clockevents_switch_state clockevents_program_min_delta shm_exit_ns acpi_install_global_event_handler _set_memory_uc __tick_broadcast_oneshot_control schedule_idle cpuidle_enter prepare_threshold_block snd_pcm_mmap __x64_sys_prlimit64 deferred_error_interrupt_enable rcu_segcblist_first_pend_cb memblock_merge_regions choose_new_asid slab_pad_check pmd_clear_huge put_pwq_unlocked __next_node device_pm_sleep_init __update_load_avg_se mod_zone_page_state dpm_sysfs_add ops_init rtnetlink_rcv device_pm_add devtmpfs_create_node mqueue_create device_initial_probe dmi_check_system schedule_hrtimeout_range_clock __ia32_sys_migrate_pages task_will_free_mem cn_netlink_send_mult blocking_notifier_call_chain try_to_wake_up _raw_read_lock_irqsave new_inode quiet_vmstat pid_task __task_pid_nr_ns calc_global_load kmem_cache_destroy register_handler_proc __ia32_sys_setfsuid sk_free kmem_cache_alloc 
identify_cpu exit_sem security_sk_free crash_smp_send_stop rcu_irq_enter_irqson vmap_page_range_noflush alloc_pages_current swake_up_one rcu_is_watching audit_log_start memblock_remove_region dump_unreclaimable_slab read_pci_config_16 __ia32_compat_sys_ipc dmi_matches idr_replace acpi_ns_build_internal_name memblock_free blk_update_request wake_up_state calc_wheel_index __ia32_compat_sys_mq_open __dev_pm_qos_read_value drop_sysctl_table exit_mmap kobject_del acpi_ev_create_gpe_block __x64_sys_setreuid16 hugetlb_total_pages acpi_ns_externalize_name reuse_swap_page vscnprintf __pageblock_pfn_to_page is_bad_inode rcu_init_percpu_data check_tsc_unstable acpi_hw_write_multiple schedule_timeout_uninterruptible skip_atoi static_key_disable printk_safe_flush drop_buffers __x64_sys_ioprio_set free_unmap_vmap_area __ia32_compat_sys_quotactl32 arch_release_task_struct idr_get_next do_coredump elv_merge_requests cn_netlink_send mark_oom_victim down_read static_key_slow_inc handle_mm_fault ksys_msgctl ___perf_sw_event __x64_sys_renameat2 get_user_pages_remote __x64_sys_kill __kernfs_setattr put_filesystem read_pci_config jiffies_to_msecs complete_all semctl_main propagate_umount vfs_setxattr __kernfs_create_file tc_action_init filp_close __skb_tstamp_tx fprop_global_init vprintk_emit free_unref_page_list send_sigio register_pernet_operations wb_start_background_writeback pcpu_get_vm_areas cpuset_cpus_allowed_fallback create_task_io_context acpi_os_write_port deactivate_locked_super memblock_alloc_range_nid mtrr_attrib_to_str init_espfix_ap arch_tlbbatch_flush dma_deconfigure bus_for_each_drv blk_mq_sched_dispatch_requests mce_available blk_finish_plug sched_setattr fpstate_init log_store __set_cyc2ns_scale __x64_sys_setfsuid16 perf_iterate_sb __pud_alloc laptop_io_completion __wait_on_bit skb_copy_bits exit_aio request_threaded_irq kthread_unpark truncate_inode_pages_final dump_header clocksource_default_clock sort_extable __setup_irq smp_call_function_many tick_program_event 
free_reserved_area ktime_get_mono_fast_ns bdev_read_page d_alloc_parallel wait_for_completion_killable __node_distance acpi_ut_update_ref_count tsc_enable_sched_clock do_unblank_screen tracing_stop_tgid_record sget device_bind_driver __clocksource_register_scale housekeeping_test_cpu __do_page_fault __pagevec_lru_add dup_fd dev_queue_xmit_nit add_tracer_options set_task_cpu get_random_u64 slab_bug tick_resume_broadcast put_ctx __sched_setscheduler radix_tree_iter_tag_set rcu_gp_is_normal _raw_read_unlock_irqrestore inc_node_page_state proc_free_inum unregister_shrinker __e820__range_add unregister_console sem_exit_ns mutex_unlock do_mmap __x64_sys_fgetxattr parse_args acpi_tb_parse_root_table kobject_set_name_vargs tracefs_create_file kthread_create_on_node acpi_ut_remove_reference __mpol_equal groups_free add_to_swap put_links acpi_ex_unlink_mutex up_read __nodes_weight.13394 hugetlb_basepage_index __ia32_sys_setgroups text_poke_bp tick_oneshot_mode_active get_order.11326 do_smart_update cleanup_mnt cpumask_next_and perf_event_header__init_id __blk_recalc_rq_segments add_disk_randomness __fsnotify_vfsmount_delete __mutex_lock_slowpath migrate_page_move_mapping blk_dump_rq_flags strscpy acpi_tb_uninstall_table copy_utsname kmem_cache_create mpol_set_nodemask audit_log_n_string __update_load_avg_blocked_se schedule dl_param_changed __x64_sys_rename __blk_mq_delay_run_hw_queue end_page_writeback __acpi_unmap_table vsnprintf strlen __x64_sys_mkdir list_lru_destroy sched_clock_cpu shmem_mapping rpm_resume __ia32_sys_sched_setaffinity irq_startup device_links_unbind_consumers tty_kref_put extract_entropy acpi_tb_validate_rsdp cpu_load_update get_builtin_firmware wait_task_inactive arch_irq_work_raise perf_output_begin __mmu_notifier_change_pte kobj_ns_ops __pti_set_user_pgtbl init_kernel_text vfs_unlink rht_bucket_nested tick_freeze do_set_thread_area isolate_movable_page perf_log_throttle ___pmd_free_tlb rhashtable_destroy get_device_parent d_prune_aliases widen_string 
compaction_zonelist_suitable clocks_calc_mult_shift put_unbound_pool detect_ht e820__range_remove scan_containers tick_resume number ktime_get_seconds idr_alloc pcpu_block_refresh_hint __kthread_bind try_to_grab_pending vm_brk _raw_spin_lock_irq sysfs_add_file_mode_ns blk_mq_dequeue_from_ctx mp_find_ioapic format_decode acpi_ut_get_event_name blkdev_issue_discard __free_vmap_area __vunmap inat_get_escape_attribute mutex_trylock __vfs_getxattr acpi_ut_get_descriptor_name simple_pin_fs kfree_call_rcu next_zone do_filp_open shmem_init dec_ucount _vm_normal_page wake_up_nohz_cpu rb_insert_color wake_up_bit ida_alloc_range kfree_const hw_breakpoint_event_init __wb_update_bandwidth task_active_pid_ns packet_sendmsg tty_register_ldisc get_page_from_freelist __pagevec_release setup_clear_cpu_cap acpi_clear_event native_set_fixmap print_trailer _get_random_bytes path_openat __request_module resched_curr mce_gen_pool_empty kzalloc.63398 zone_absent_pages_in_node printk tracing_update_buffers __ia32_sys_setresgid16 free_vmap_block rb_erase_cached compact_finished free_kthread_struct set_pte_vaddr blk_mq_queue_tag_busy_iter free_uid page_swapcount complete __x64_sys_setregid sched_setscheduler_nocheck security_task_setscheduler prepare_set memblock_virt_alloc_try_nid_raw __ia32_sys_mbind _dev_warn __radix_tree_create set_tracer_flag __add_to_page_cache_locked free_cgroup_ns unmap_kernel_range_noflush load_mm_ldt.4294 clear_asid_other rcu_segcblist_advance free_irq I_BDEV iomem_map_sanity_check acpi_hw_get_bit_register_info security_capable __ia32_sys_symlink workingset_activation fsnotify_get_group device_register __kmalloc_track_caller ___slab_alloc unhash_mnt __x64_sys_move_pages note_gp_changes add_wait_queue wake_up_klogd slab_out_of_memory __fprop_inc_percpu_max down_write_killable _free_event rb_next init_rescuer wait_for_completion_io acpi_ut_pop_generic_state assoc_array_apply_edit __next_node_in print_tainted __percpu_counter_init __refrigerator kzalloc.10845 
x86_read_arch_cap_msr find_suitable_fallback __pte_alloc_kernel blk_status_to_errno validate_xmit_skb irq_to_desc retrigger_next_event smp_call_function_single region_intersects radix_tree_lookup load_elf_library.15698 e820__update_table emergency_restart sched_clock_idle_sleep_event __isolate_lru_page acpi_install_fixed_event_handler skb_clone early_memremap acpi_read_bit_register audit_log_task_context rt_mutex_setprio register_tracer acpi_tb_acquire_table prepare_to_wait_event klist_node_attached kern_unmount wait_for_completion register_sysctl_table __alloc_pages_nodemask idr_get_free strcpy vt_compat_ioctl up_write apply_wqattrs_prepare cpus_read_unlock register_pm_notifier make_alloc_exact lapic_get_maxlvt timerqueue_del sysfs_slab_add set_task_rq_fair remove_hrtimer shmem_read_mapping_page_gfp wait_on_page_bit_common select_fallback_rq init_idle irq_chip_pm_put __x64_sys_sched_setscheduler skb_release_data acpi_os_allocate.27880 cpudl_init kobject_put idr_for_each static_key_slow_inc_cpuslocked percpu_up_write check_multiple_madt set_user_nice hrtimer_init mntget acpi_hw_write_port dec_zone_page_state free_debug_processing acpi_get_override_irq vfs_kern_mount kasprintf vm_unmap_aliases __note_gp_changes __wake_up_locked_key_bookmark __init_rwsem blk_partition_remap find_vm_area ring_buffer_record_disable __early_set_fixmap remove_wait_queue __load_ucode_intel init_scattered_cpuid_features __ia32_sys_move_pages force_quiescent_state __wake_up_common_lock alloc_fdtable driver_deferred_probe_add assoc_array_cancel_edit kern_path_create kobject_uevent string_escape_mem munlock_vma_pages_range find_next_bit flush_work gen_pool_create down_read_killable acpi_ut_acquire_mutex proc_create_single_data acpi_ut_get_node_name move_active_pages_to_lru set_memory_x kern_path_mountpoint add_uevent_var efi_mem_desc_lookup __blk_mq_run_hw_queue dev_vprintk_emit __blk_mq_try_issue_directly siphash_1u64 acpi_ns_get_node __module_get blk_recalc_rq_segments sysfs_create_file_ns 
unix_compat_ioctl vfree __swap_duplicate mce_register_decode_chain __ia32_compat_sys_msgsnd unregister_filesystem __pm_runtime_barrier pid_ns_prepare_proc do_update_region wakeup_source_destroy ip6_addr_string putback_lru_page ip4_addr_string cont_add tsc_read_refs kmem_cache_create_usercopy rcu_segcblist_pend_cbs switch_mm exit_io_context kobject_uevent_env __cpuhp_setup_state strncmp io_schedule fpu__drop compat_ksys_semctl mntput post_set acpi_tb_validate_table __delayacct_freepages_start bad_area_access_error lru_cache_add_active_or_unevictable pid_vnr static_key_count pcpu_populate_chunk simple_strtol page_is_ram radix_tree_iter_resume radix_tree_delete_item ttwu_stat copy_ipcs console_trylock igrab change_page_attr_set_clr acpi_ns_get_internal_name_length cgroup_update_populated delete_from_swap_cache wait_for_device_probe find_next_zero_bit register_die_notifier kmalloc_order_trace dm_compat_ctl_ioctl show_mem css_has_online_children refcount_dec_and_lock __mod_timer count_subheaders proc_register perf_event__output_id_sample proc_mkdir acpi_ev_initialize_events acpi_ut_add_reference strreplace __printk_safe_enter workqueue_sysfs_register pat_init acpi_ns_detach_object skb_put destroy_workqueue acpi_ut_remove_address_range fill_pud blk_mq_get_tag spp_getpage __jump_label_update kernfs_put kmemdup inode_add_lru inc_nlink acpi_format_exception vm_area_free finish_task_switch queued_write_lock_slowpath acpi_ns_delete_node part_round_stats tick_resume_check_broadcast device_del find_first_bit cpumask_weight kernfs_remove do_munmap mutex_lock_killable truncate_inode_pages_range acpi_ns_attach_object blk_mq_flush_plug_list drain_slots_cache_cpu ___ratelimit sysctl_err get_vm_area_caller restore_reserve_on_error update_wall_time acpi_sci_ioapic_setup timekeeping_advance rcu_eqs_enter netlink_trim blk_insert_flush try_module_get acpi_table_parse_entries_array locks_free_lock netlink_broadcast irq_domain_update_bus_token create_new_namespaces acpi_os_unmap_memory 
msi_create_irq_domain __flush_work kmem_cache_alloc_node mq_put_mnt defer_console_output acpi_ut_delete_generic_state mutex_lock errseq_set sprint_symbol_no_offset shmem_replace_page dst_release cpumask_weight.9136 kernel_setsockopt __fsnotify_update_child_dentry_flags add_timer_randomness trace_buffered_event_enable __percpu_ref_switch_mode delete_from_page_cache lookup_address_in_pgd sysfs_create_groups lru_cache_add_anon kmem_cache_free pageout acpi_get_table_by_index ntp_get_next_leap dump_stack __wake_up mark_page_accessed __x64_sys_adjtimex __dev_pm_qos_remove_request e820__mapped_any do_mkdirat pwq_dec_nr_in_flight blk_account_io_done lockref_get region_add audit_log_untrustedstring evict clockevents_suspend aio_prep_rw del_timer_sync security_audit_rule_match msg_init_ns oom_kill_process calibrate_delay clockevents_shutdown __ia32_sys_timerfd_create __read_swap_cache_async __delay blk_mq_put_tag key_payload_reserve wake_up_process __async_schedule __radix_tree_lookup kern_mount_data firmware_map_add_entry rcuwait_wake_up irq_shutdown rpm_suspend sprintf _raw_read_lock_bh d_lookup string blk_mq_insert_requests signalfd_cleanup rb_prev rcu_accelerate_cbs __wake_up_sync_key vmacache_update vma_mmu_pagesize acpi_ns_internalize_name __blk_end_request_all __kfree_skb ftrace_set_clr_event flush_tlb_mm_range kobject_init acpi_ut_create_internal_object_dbg close_pdeo pm_qos_read_value bitmap_fold kernel_text_address __warn_printk __bitmap_clear user_disable_single_step acpi_enable unlink_anon_vmas write_inode_now do_set_cpus_allowed mpc_ioapic_id ptep_set_access_flags inactive_list_is_low ptep_clear_flush init_and_link_css region_del migrate_page_states __acpi_osi_setup_darwin radix_tree_maybe_preload_order balance_dirty_pages_ratelimited idr_alloc_u32 cache_disable_0_store load_ucode_ap PageHuge shrink_active_list page_mkclean hugepage_subpool_put_pages perf_pmu_register radix_tree_tagged filemap_fdatawait_range fprop_fraction_percpu device_remove_file 
__kmem_cache_alias __unmap_hugepage_range nr_iowait_cpu __key_link svc_create_socket earlycon_map profile_init is_trap_insn hugetlb_acct_memory lookup_one_len_common irq_disable __alloc_percpu_gfp i915_gem_execbuffer_ioctl __hrtimer_start_range_ns audit_filter_inodes sysfs_create_dir_ns apply_alternatives elv_rqhash_find sync_rcu_exp_select_cpus ip_options_get clear_sched_clock_stable security_sb_free rt_mutex_adjust_prio_chain dequeue_huge_page_nodemask pagecache_get_page xmit_one sysfs_create_mount_point __mmput __x64_sys_mkdirat security_sb_copy_data acpi_ut_update_object_reference acpi_hw_disable_gpe_block audit_panic ring_buffer_free file_update_time pm_runtime_init osq_unlock acpi_ds_scope_stack_push kvfree install_breakpoint bio_put assoc_array_walk acpi_ns_lookup cpumask_weight.8322 set_tls_desc hugepage_add_new_anon_rmap perf_adjust_period __const_udelay __inc_node_page_state timerqueue_iterate_next do_unlinkat numa_default_policy __x64_sys_socketcall __printk_ratelimit hrtimer_start_range_ns iput __printk_safe_flush __radix_tree_insert __se_sys_setpriority kzalloc.9608 __set_cpus_allowed_ptr sched_dl_overflow acpi_tb_resize_root_table_list reserve_memtype __disk_get_part __tasklet_schedule get_swap_page set_fs_root task_work_add timekeeping_notify huge_pmd_unshare capable alloc_large_system_hash sysfs_create_link i915_gem_execbuffer2_ioctl hrtimer_active __x64_sys_setgroups task_set_jobctl_pending init_currently_empty_zone select_idle_routine congestion_wait __irq_domain_add bvec_alloc efi_runtime_disabled init_dl_task_timer bio_alloc_bioset generic_processor_info acpi_ns_get_node_unlocked nr_context_switches pm_runtime_drop_link __delete_from_page_cache __register_sysctl_paths sysfs_remove_groups acpi_hw_set_mode cleanup_glue_dir llist_add_batch unmap_region blk_rq_init clear_IO_APIC_pin show_free_areas free_pgtables get_cpu_entry_area clear_selection __module_address update_and_free_page insn_get_opcode swap_readpage invert_screen slab_unmergeable 
save_microcode_patch bust_spinlocks io_submit_one ioremap_cache tty_set_ldisc cgroup_cancel_fork exit_fs ring_buffer_resize __delayacct_blkio_start kstrdup_const blk_delete_timer acpi_os_acquire_lock __lock_page blake2s_update __kthread_create_on_node __remove_mapping try_lookup_one_len __irq_domain_alloc_fwnode get_gate_vma switch_to_new_gdt sched_clock_tick complement_pos unfreeze_partials pagevec_remove_exceptionals dev_printk_emit acpi_get_name uart_parse_earlycon ext4_should_retry_alloc acpi_os_vprintf semctl_setval mntput_no_expire get_order.13577 __percpu_init_rwsem dentry_kill put_dec register_leaf_sysctl_tables __vma_adjust ___alloc_bootmem sched_clock_idle_wakeup_event refresh_cpu_vm_stats strrchr __printk_safe_exit hrtimer_forward bpf_prog_free write_cache_pages sysfs_unmerge_group fragmentation_index __device_attach __alloc_pages_slowpath lru_add_drain_cpu __thaw_task kthread_stop __alloc_percpu sprint_symbol __blk_run_queue queue_rcu_work __ia32_sys_msgsnd idt_setup_from_table part_dec_in_flight memblock_add_range __ia32_compat_sys_timerfd_settime vc_is_sel uart_ioctl cgroup_freezing cea_set_pte __queue_work msleep e820__mapped_all module_put __ia32_sys_oldumount clear_page_dirty_for_io hrtimers_resume trace_buffered_event_disable nla_put do_trace_read_msr ioremap_page_range __ia32_sys_msgrcv device_links_read_lock uprobe_write_opcode uprobe_mmap in_gate_area path_put sock_queue_err_skb alloc_surplus_huge_page ktime_get_with_offset do_read_cache_page __blk_mq_end_request __rb_allocate_pages set_page_dirty insn_rip_relative rbt_memtype_lookup __put_super do_mq_open show_trace_log_lvl deactivate_slab __virt_addr_valid update_rq_clock __writeback_single_inode __put_cred __sbitmap_queue_get __ia32_sys_io_submit add_timer_on insn_get_immediate tag_pages_for_writeback acpi_penalize_sci_irq has_capability_noaudit idr_alloc_cyclic __dentry_kill __percpu_up_read find_microcode_in_initrd bio_will_gap wakeup_kcompactd __ia32_sys_kexec_load wb_wakeup_delayed 
tick_resume_oneshot __wakeup_flusher_threads_bdi tick_setup_periodic hrtimer_cancel vprintk_func console_unlock atomic_notifier_call_chain __oom_reap_task_mm bstr_printf pcpu_alloc __nodes_weight insn_get_prefixes __ia32_sys_sched_setattr blk_queue_end_tag radix_tree_lookup_slot uevent_net_rcv_skb lookup_one_len __x64_sys_lsetxattr find_vma kernfs_get perf_event_comm unix_seqpacket_sendmsg acpi_ut_initialize_buffer __qdisc_run sysfs_merge_group kill_ioctx acpi_ns_validate_handle acpi_os_allocate_zeroed wake_up_new_task cache_disable_1_store cgroup_setup_root __mmu_notifier_mm_destroy acpi_tb_notify_table unblank_screen shrink_page_list devres_release_all cgroup_fork tick_nohz_idle_restart_tick acpi_ev_get_gpe_xrupt_block kernfs_link_sibling static_key_enable acpi_error perf_event_update_userpage __filemap_fdatawait_range _raw_read_unlock_bh scan_microcode memblock_remove_range update_srbds_msr __lock_page_or_retry sysfs_remove_file_ns blk_finish_request round_jiffies __sk_free shrink_node nla_put_64bit pm_runtime_remove __mmdrop __ia32_sys_lsetxattr find_extend_vma tsc_store_and_check_tsc_adjust vmacache_find bdev_read_only memblock_find_in_range ipc_obtain_object_check shmem_getpage_gfp stop_machine_cpuslocked page_evictable page_add_new_anon_rmap skb_queue_tail smca_get_block_address __show_regs blk_mq_end_request nested_table_free abort_creds sched_setattr_nocheck skb_release_head_state machine_kexec insn_get_length acpi_ut_valid_name_char domain_dirty_limits strsep bio_advance blk_flush_complete_seq ktime_get_update_offsets_now filename_create kfree_skb_list kernfs_create_dir_ns try_to_del_timer_sync generic_make_request __page_mapcount __wake_up_locked cgroup_free int_sqrt scan_swap_map_slots check_object init_srcu_struct acpi_enable_event anon_vma_clone radix_tree_maybe_preload dev_driver_string alloc_pages_vma __trace_bprintk set_memory_nonglobal kmsg_dump audit_uid_comparator mce_read_aux unlock_buffer __next_zones_zonelist __vma_link_rb ctx_sched_out 
radix_tree_iter_delete task_join_group_stop cpumask_weight.24041 acpi_pm_read_verified get_ksymbol acpi_hw_write tick_check_broadcast_expired copy_user_huge_page skip_spaces __kmalloc restore_boot_irq_mode set_memory_4k set_normalized_timespec64 __percpu_counter_sum device_get_devnode _parse_integer_limit cpu_init mp_save_irq blk_poll init_dl_bw wait_for_common_io __alloc_workqueue_key schedule_hrtimeout __pm_pr_dbg init_timer_key async_schedule __ia32_sys_prctl mempool_alloc __radix_tree_replace bitmap_find_next_zero_area_off do_page_add_anon_rmap intel_init_thermal find_get_entry set_memory_nx cpu_smt_disable __next_mem_pfn_range insn_get_displacement kernfs_find_ns kernel_map_sync_memtype __ia32_sys_lookup_dcookie insn_get_modrm alloc_fresh_huge_page sbitmap_any_bit_set ttwu_do_wakeup syscall_return_slowpath sched_clock_stable __blk_end_request hrtimer_reprogram slab_is_available apply_microcode_early vma_interval_tree_iter_next __se_sys_io_submit ioremap_nocache proc_mkdir_mode __fsnotify_parent prandom_u32 pm_qos_sysfs_remove_resume_latency __x64_sys_setpriority set_cpus_allowed_ptr __ring_buffer_alloc sock_zerocopy_put trace_event_enable_cmd_record flush_tlb_kernel_range acpi_ut_valid_nameseg vm_munmap alloc_chunk __key_link_end fifo_open init_cgroup_root sbitmap_queue_clear update_load_avg read_cache_page find_cpio_data page_remove_rmap audit_log_key __flow_hash_from_keys irq_domain_activate_irq default_idle_call get_seccomp_filter proc_alloc_inum __irq_get_desc_lock finish_wait generic_permission mpol_shared_policy_lookup kobject_create_and_add part_in_flight pm_qos_update_target idr_remove gen_pool_alloc_algo down_read_trylock send_sigio_to_task __alloc_bootmem blk_queue_exit blk_flush_plug_list do_mknodat destroy_worker page_vma_mapped_walk bitmap_onto core_kernel_text __elv_add_request audit_put_chunk pmd_set_huge async_synchronize_full allocate_trace_buffers radix_tree_extend __ia32_sys_setresuid trace_printk_init_buffers __reset_isolation_suitable 
__x64_sys_fsetxattr expand_downwards __alloc_skb file_path acpi_locate_initial_tables inat_get_last_prefix_id cgroup_apply_control_enable task_participate_group_stop panic acpi_bios_error __page_cache_release free_init_pages migrate_prep_local queue_stop_cpus_work printk_safe_flush_on_panic hrtimer_try_to_cancel reweight_task huge_pte_offset acpi_ns_opens_scope vmcoreinfo_append_str flush_tlb_batched_pending is_hpet_enabled put_dec_full8 vt_event_post vsprintf __filemap_set_wb_err __seccomp_filter bio_chain rcu_eqs_exit find_get_entries __vmalloc_node_range skb_checksum down yield do_try_to_free_pages rcu_all_qs acct_clear_integrals next_online_pgdat fsnotify_put_group __x64_sys_symlink workingset_refault key_put io_schedule_timeout clockevents_tick_resume security_key_alloc inode_wait_for_writeback swap_do_scheduled_discard security_file_send_sigiotask down_timeout __schedule_bug nf_conntrack_destroy internal_create_group page_swap_info _cond_resched bt_for_each drain_local_pages __access_remote_vm free_pool_huge_page insn_init smca_configure sort acpi_tb_put_table __srcu_read_unlock anon_vma_interval_tree_insert device_links_driver_cleanup submit_bio_wait assoc_array_insert_set_object reweight_entity __cpuhp_state_add_instance shmem_add_to_page_cache __free_slab do_shrink_slab down_trylock __schedule is_module_text_address alloc_pid prepend_path __memblock_free_early pat_bsp_init mce_gen_pool_add take_dentry_name_snapshot acpi_ut_validate_buffer __x64_sys_fork ptrace_trap_notify release_nodes text_poke _dev_info __ia32_sys_open_by_handle_at mod_delayed_work_on pti_clone_pgtable rpm_idle free_bucket_spinlocks clear_page_mlock __ia32_sys_link follow_page_mask security_vm_enough_memory_mm irq_pm_remove_action fsnotify_recalc_mask schedule_timeout vfree_atomic _raw_spin_lock_bh pagevec_lru_move_fn css_populate_dir __insert_resource wake_up_var keyring_alloc __vma_link_list __key_link_begin key_schedule_gc register_irq_proc key_instantiate_and_link ida_free 
retain_dentry __percpu_down_read __init_waitqueue_head activate_page isolate_lru_page __page_cache_alloc __setparam_dl acpi_os_release_object audit_match_class device_node_string d_set_d_op put_swap_page perf_compat_ioctl oom_badness mask_irq pcpu_alloc_area vbin_printf free_swap_and_cache jump_label_update krealloc sched_show_task __ia32_sys_renameat blk_mq_run_hw_queue populate_vma_page_range acpi_os_physical_table_override vm_stat_account simple_strtoul pcpu_mem_zalloc vma_dup_policy elv_attempt_insert_merge audit_tree_lookup kobject_get_path reserve_pfn_range acpi_install_table prepare_to_swait_event _credit_init_bits per_cpu_ptr_to_phys swap_duplicate fsnotify_find_mark kernfs_create_link inc_zone_page_state _raw_spin_lock device_wakeup_disable on_each_cpu __pte_alloc __se_sys_kill kernfs_setattr tracing_set_tracer kernfs_activate efi_sync_low_kernel_mappings add_event_to_ctx net_disable_timestamp __add_wb_stat copy_tree sched_ttwu_pending jiffies_to_usecs arch_cpu_idle_enter blk_queue_enter maybe_link sysfs_slab_release set_memory_uc alloc_pages_exact pcpu_chunk_refresh_hint gcd wake_up_and_wait_for_irq_thread_ready cpuset_mems_allowed arch_jump_label_transform microcode_sanity_check kzalloc.55349 special_hex_number add_to_avail_list install_thread_keyring_to_cred debug_locks_off __secpath_destroy __x64_sys_mknodat in_group_p vma_interval_tree_insert rcu_sched_qs set_memory_rw inode_permission exit_creds wake_q_add should_failslab kmem_cache_alloc_trace x86_family d_alloc_anon cgroup_migrate_add_src using_native_sched_clock __mmu_notifier_invalidate_range acpi_ut_release_mutex get_random_bytes slab_err rcu_report_exp_cpu_mult __ns_get_path do_sched_yield __down __static_key_slow_dec_cpuslocked vzalloc rb_erase isolate_migratepages_block put_pid wb_update_dirty_ratelimit lockdep_assert_cpus_held synchronize_rcu_expedited put_seccomp_filter __ftrace_set_clr_event_nolock __irq_domain_activate_irq xlate_dir elv_completed_request free_pcppages_bulk 
radix_tree_clear_tags acpi_os_release_lock cpumask_any_but wake_up_page_bit __blkdev_issue_discard vma_interval_tree_insert_after device_link_drop_managed acpi_ut_get_type_name __cond_resched_lock __key_instantiate_and_link __local_bh_enable_ip task_work_run cpuset_print_current_mems_allowed get_zeroed_page cpupri_init klist_add_tail __ia32_sys_mkdir list_lru_del memblock_alloc_nid try_to_unmap bio_devname __first_node acpi_hw_read module_address_lookup acpi_hw_get_mode sysfs_remove_group alloc_desc strcmp __ftrace_vbprintk set_rq_online __register_sysctl_table inc_ucount tk_set_wall_to_mono acpi_ns_remove_node acpi_os_delete_semaphore attempt_merge huge_node sk_destruct free_swap_slot sk_filter_trim_cap tick_nohz_tick_stopped housekeeping_any_cpu dmi_match ip6_string __d_alloc __swp_swapcount alloc_unbound_pwq acpi_tb_invalidate_table kick_process prepare_to_wait_exclusive __ia32_sys_delete_module __ia32_sys_mknod pud_huge get_random_u32 print_track add_to_page_cache_lru __ioremap_caller put_task_stack queued_read_lock_slowpath schedule_preempt_disabled kernfs_notify mnt_change_mountpoint optimize_nops vmalloc_to_page kill_rules __delayacct_tsk_init set_secondary_fwnode mutex_spin_on_owner cpuhp_issue_call print_prefix msg_print_ext_body acpi_enable_subsystem memchr irq_domain_create_hierarchy kvasprintf __unwind_start dev_pm_enable_wake_irq_check __x64_sys_link __get_user_pages numa_nodemask_from_meminfo rb_insert_color_cached selinux_capable raw_notifier_call_chain acpi_os_stall net_ratelimit linear_hugepage_index __mutex_unlock_slowpath compact_zone __insert_vmap_area wake_up_q cyc2ns_read_begin acpi_hw_register_write ksys_msgrcv do_set_mempolicy to_ratio unix_stream_sendmsg __bitmap_weight rq_attach_root get_acl acpi_ut_create_generic_state kmem_cache_flags pagevec_lookup_entries queued_spin_lock_slowpath rcu_jiffies_till_stall_check radix_tree_tag_clear xfrm_netlink_rcv rmap_walk_anon reset_vma_resv_huge_pages timekeeping_resume tracing_stop_cmdline_record 
klist_dec_and_del __x64_sys_semget change_mnt_propagation __inc_zone_state set_page_dirty_lock early_pci_allowed __ia32_sys_pipe put_cred_rcu irq_chip_pm_get acpi_tb_init_table_descriptor memcmp kernfs_create_root current_is_async page_referenced proc_entry_rundown proc_create_data alternatives_smp_module_add __detach_mounts rcu_segcblist_accelerate netlink_broadcast_filtered fsnotify proc_remove __dec_node_page_state timerqueue_add umount_tree on_freelist __kill_pgrp_info queue_delayed_work_on vm_brk_flags _raw_spin_unlock_bh sysfs_notify acpi_os_signal_semaphore irq_activate locks_get_lock_context __mutex_lock truncate_exceptional_pvec_entries __x64_sys_setfsgid task_curr __ia32_sys_adjtimex calculate_sizes acpi_ns_build_normalized_path audit_log_vformat __x64_sys_ptrace kobject_get_ownership __inc_node_state vprintk get_symbol_pos acpi_ut_delete_object_desc __get_locked_pte rcu_report_qs_rnp put_ipc_ns __netdev_pick_tx kmalloc_array.9659 ttwu_queue_remote set_fs_pwd bio_endio apply_wqattrs_commit pktsched_init __put_page cancel_work_sync tracepoint_add_func ns_to_timespec64 check_bytes_and_report __percpu_counter_compare print_hex_dump node_random p4d_clear_bad kobj_map_init rb_first get_fs_type flush_workqueue nr_free_buffer_pages memblock_isolate_range __blk_mq_requeue_request is_subdir __blk_put_request map_ldt_struct pin_insert_group do_rt_sigqueueinfo acpi_ns_delete_children __split_vma blk_attempt_req_merge acpi_ut_valid_object_type queue_work_on ext4_ioctl try_to_free_swap acpi_ns_search_and_enter user_path_create perf_event_mmap netlink_has_listeners __ia32_sys_setresuid16 hpet_readl file_ns_capable alloc_file_pseudo bus_add_device acpi_ns_get_secondary_object skb_over_panic dev_queue_xmit copy_process __send_signal pwq_activate_first_delayed rcu_irq_exit_irqson netlink_deliver_tap __page_file_index huge_add_to_page_cache irq_domain_free_fwnode kvasprintf_const ioremap_change_attr cgroup_post_fork get_task_io_context __bitmap_set update_curr 
__ia32_sys_setgroups16 unregister_sysctl_table filename_parentat consume_skb tasklet_kill timer_reduce kernfs_create_empty_dir __migration_entry_wait inat_get_opcode_attribute printk_deferred _raw_spin_unlock_irqrestore idr_find try_to_release_page drain_all_pages unlock_page machine_crash_shutdown first_online_pgdat skb_under_panic save_stack_trace wakeup_flusher_threads delete_node early_iounmap cpumask_weight.7518 ctx_sched_in acpi_table_parse security_prepare_creds uprobe_copy_process gen_pool_destroy sock_diag_broadcast_destroy tk_debug_account_sleep_time __ia32_sys_setpriority move_queued_task rb_allocate_cpu_buffer pointer call_usermodehelper_setup blake2s_compress_generic rcu_segcblist_enqueue cpuidle_not_available get_slabinfo security_inode_getsecid __oom_kill_process msg_exit_ns vma_interval_tree_iter_first do_trace_write_msr exit_task_namespaces __destroy_inode acpi_os_printf rcu_exp_wait_wake synchronize_srcu __udelay compat_ksys_msgrcv device_links_read_unlock _raw_write_lock build_attr cmci_discover acpi_os_write_memory __siphash_unaligned unwind_get_return_address free_pages scnprintf __irq_set_trigger pcpu_create_chunk enter_lazy_tlb new_inode_pseudo profile_hits stop_one_cpu arch_perf_update_userpage print_modules warn_alloc page_anon_vma trace_event_follow_fork klist_next prepare_to_wait clear_huge_page trace_clock_local __add_to_swap_cache nsec_to_clock_t acpi_os_map_memory prot_none_pte_entry irq_do_set_affinity dentry_unlink_inode in_lock_functions free_unref_page elv_put_request ida_remove ktime_get mapping_tagged si_mem_available radix_tree_next_chunk __put_anon_vma fsnotify_destroy_marks acpi_tb_checksum rcu_cpu_starting srcu_gp_start swapcache_prepare __dec_zone_state cpudl_cleanup compat_ksys_shmctl memblock_virt_alloc_internal bad_area_nosemaphore rotate_reclaimable_page housekeeping_cpumask memblock_virt_alloc_try_nid_nopanic generic_exec_single kthread_data acpi_exception pgd_alloc __do_once_start dma_common_mmap 
device_remove_properties find_lock_entry ring_buffer_attach node_page_state cpumask_weight.5997 on_each_cpu_cond cpumask_next cpuhp_online_idle kernfs_destroy_root fsnotify_put_mark cpumask_weight.5473 __pm_runtime_resume free_percpu remove_vm_area __proc_create blk_mq_in_flight i915_gem_userptr_ioctl bitmap_ord_to_pos proc_symlink acpi_osi_setup irq_set_affinity_locked __follow_pte_pmd __free_pages_bootmem memchr_inv tsx_enable cpumask_weight.6934 tsx_disable __early_pfn_to_nid pm_qos_sysfs_remove_flags klist_remove security_release_secctx mce_intel_feature_init tcp_setsockopt acpi_hw_register_read cpus_read_lock apply_wqattrs_cleanup attach_pid submit_bio __cgroup_account_cputime get_cmdline kill_fasync register_pernet_subsys audit_remove_mark arch_jump_label_transform_static list_sort acpi_table_parse_madt __radix_tree_delete __save_stack_trace walk_system_ram_range _raw_spin_trylock memunmap ktime_get_real_seconds acpi_ut_push_generic_state __clocksource_update_freq_scale acpi_os_create_semaphore sock_zerocopy_realloc pmu_dev_alloc acpi_info free_memtype find_first_zero_bit ring_buffer_normalize_time_stamp acpi_write_bit_register unwind_next_frame trace_set_options __ia32_sys_rename integrity_inode_free tracepoint_probe_unregister static_key_slow_dec __ia32_sys_mknodat kvmalloc_node match_string strim acpi_os_read_memory set_origin locks_remove_posix fpu__init_cpu sync_global_pgds_l4 fsnotify_get_mark prctl_set_seccomp irq_domain_deactivate_irq __ftrace_event_enable_disable tracing_reset_online_cpus __mcheck_cpu_init_clear_banks determine_cpu_tsc_frequencies put_callchain_buffers __ia32_sys_socketcall blk_mq_flush_busy_ctxs ring_buffer_record_enable ring_buffer_reset_cpu ring_buffer_time_stamp rb_set_head_page sysfs_warn_dup __audit_inode_child mnt_pin_kill audit_copy_inode pgd_free pm_runtime_reinit d_instantiate security_d_instantiate current_time acpi_warning extend_brk simple_release_fs apply_workqueue_attrs_locked memblock_reserve __lookup_mnt 
inode_init_always initialize_tlbstate_and_flush __mark_inode_dirty __lookup_slow audit_log_name group_pin_kill region_chg lockref_get_not_dead munlock_vma_page kernfs_remove_by_name_ns audit_watch_compare x86_stepping __d_lookup_rcu memblock_search_pfn_nid __cpuhp_remove_state_cpuslocked ksize d_invalidate osq_lock kernel_migrate_pages out_of_memory klist_init show_workqueue_state mnt_release_group_id local_touch_nmi d_walk __se_sys_prlimit64 ktime_get_coarse_real_ts64 tracefs_create_dir disable_err_thresholding __create_dir rcu_gp_is_expedited tracing_set_clock security_inode_permission ring_buffer_set_clock iounmap __qdisc_calculate_pkt_len ring_buffer_record_off _raw_spin_lock_irqsave memremap ioremap_wc __srcu_read_lock __mod_zone_page_state fprop_reflect_period_percpu cpumask_weight.8480 radix_tree_iter_tag_clear bpf_prog_destroy do_clear_cpu_cap put_io_context subtract_range __ia32_sys_setxattr __mcheck_cpu_init_generic tracing_start_tgid_record size_to_hstate machine_check_poll __purge_vmap_area_lazy __ktime_get_real_seconds ioprio_best mempool_free name_to_int audit_log_pid_context sysfs_remove_link rcu_sync_exit pcpu_free_area snprintf __pm_runtime_idle device_unregister device_create_file mod_node_page_state __update_load_avg_cfs_rq ntp_clear device_add __d_lookup_done swap_free bdev_name bus_probe_device capable_wrt_inode_uidgid device_add_groups __mpol_dup device_initialize __kmalloc_node_track_caller bcmp memblock_alloc_base create_worker __add_preferred_console __x64_sys_mknod worker_enter_idle pmd_huge __vmalloc_node_flags_caller perf_swevent_event percpu_ref_exit perf_output_end clocksource_stop_suspend_timing perf_output_copy copy_creds add_wait_queue_exclusive rhashtable_init tk_setup_internals timekeeping_max_deferment kobject_add_internal acpi_ev_delete_gpe_block tick_nohz_next_event sysfs_do_create_link_sd pte_alloc_one bug_at truncate_cleanup_page key_user_lookup set_intr_gate klist_del get_device free_pid fold_diff driver_bound arch_vma_name 
in_sched_functions check_slab drop_collected_mounts tlb_gather_mmu gfp_pfmemalloc_allowed acpi_ut_set_integer_width memblock_double_array fput alloc_vmap_area refcount_dec_not_one compaction_suitable free_pgd_range get_signal memblock_insert_region tracepoint_probe_register security_inode_free kzalloc.3514 tlb_finish_mmu prot_none_hugetlb_entry __irq_set_affinity show_stack security_kernel_module_request clocksource_suspend register_filesystem mce_amd_feature_init cpuidle_select setup_APIC_eilvt msr_clear_bit __flip_bit __secure_computing wait_for_common __clocksource_select cpu_startup_entry async_synchronize_cookie_domain do_idle cpuidle_enter_state get_vfs_caps_from_disk tick_broadcast_oneshot_control clockevents_program_event syscall_init autofs_dev_ioctl_compat ___xfrm_state_destroy attach_entity_load_avg efi_switch_mm swap_cluster_readahead mod_timer clockevents_switch_state page_mapped __tick_nohz_idle_restart_tick acpi_ev_delete_gpe_xrupt open_softirq klist_iter_exit put_device tick_do_update_jiffies64 wait_on_page_bit do_timer __irq_put_desc_unlock tsc_verify_tsc_adjust disassociate_ctty fsnotify_init_mark fn_boot_it tick_nohz_stop_tick __synchronize_srcu call_console_drivers __ia32_sys_setuid16 ns_capable get_next_timer_interrupt tick_clock_notify peernet_has_id driver_deferred_probe_del arch_cpu_idle wait_iff_congested find_task_by_pid_ns scsi_cmd_ioctl complete_signal kernel_thread __sigqueue_alloc _do_fork get_task_pid put_pid_ns freezing_slow_path perf_lock_task_context security_add_hooks ptrace_notify ptrace_stop __ia32_compat_sys_rt_tgsigqueueinfo pid_nr_ns prepare_signal dup_mmap __mpol_put init_wait_var_entry untag_chunk bio_add_page crng_make_state __netif_schedule acpi_os_wait_semaphore audit_kill_trees putback_active_hugepage __var_waitqueue perf_group_detach cond_synchronize_rcu page_add_file_rmap get_mm_exe_file __ia32_sys_syslog new_slab irq_work_sync putname __copy_skb_header perf_pmu_enable audit_ctl_unlock audit_ctl_lock __x64_sys_swapon 
audit_log_exit set_pageblock_migratetype do_wp_page audit_log_n_untrustedstring audit_log_d_path __pskb_pull_tail d_path audit_log_lost audit_log_n_hex __x64_sys_clone send_sig strncpy_from_user blk_start_plug strnlen_user security_secid_to_secctx audit_log_cap pin_kill destroy_context_ldt pageset_set_high_and_batch audit_log_end audit_log_task_info early_ioremap _synchronize_rcu_expedited ___pskb_trim __ia32_compat_sys_lookup_dcookie __early_ioremap visit_groups_merge pskb_expand_head __get_task_comm tty_name __nlmsg_put map_swap_page free_buffer_head __dev_queue_xmit audit_compare_dname_path __get_free_pages unmap_mapping_range sysfs_remove_dir rcu_sync_init audit_filter_rules pm_suspended_storage __do_fault tlb_flush_mmu auditd_test_task wake_const_ops fsnotify_destroy_mark acpi_put_table finish_swait exit_files put_files_struct dnotify_flush perform_atomic_semop fsnotify_free_mark update_queue fsnotify_detach_mark set_swbp strcspn compat_tcp_setsockopt __cpuhp_state_add_instance_cpuslocked exp_funnel_lock check_flush_dependency acpi_os_unmap_iomem free_nsproxy rcu_nmi_exit rht_key_hashfn.56408 put_css_set_locked __free_pages_ok radix_tree_delete acpi_table_initrd_scan perf_pmu_sched_task acpi_tb_install_standard_table put_mnt_ns exit_thread netlink_sendmsg perf_event_fork kobject_get kobject_add perf_event_namespaces d_delete blk_stat_add mac_address_string release_dentry_name_snapshot posix_lock_inode __ptrace_link kobject_init_and_add _raw_write_lock_irq locks_delete_lock_ctx rcu_idle_enter netlink_unicast fat_generic_compat_ioctl setup_net acpi_tb_install_table_with_override ipc_init_ids path_get in_gate_area_no_mm bucket_table_alloc e820_print_type get_cpu_cap gen_pool_add_virt percpu_down_write dentry_free copy_net_ns alloc_set_pte get_pfnblock_flags_mask acpi_ut_valid_internal_object copy_mnt_ns sum_zone_node_page_state device_release_driver_internal put_io_context_active mm_init.4614 inherit_task_group __alloc_memory_core_early __x64_sys_quotactl 
audit_filter mmput __ia32_sys_epoll_ctl __zone_watermark_ok __tlb_remove_page_size strnlen sock_ioctl __do_once_done rhashtable_free_and_destroy get_task_exe_file clear_cpu_cap strncpy _copy_from_user call_srcu sbitmap_queue_wake_up tracepoint_probe_register_prio do_notify_parent_cldstop __cancel_work_timer constrained_alloc list_del_event __ia32_sys_clone recalc_sigpending is_acpi_device_node clear_inode acpi_os_read_port __ia32_sys_reboot __append_e820_table copy_fs_struct apply_constraint hex_dump_to_buffer plist_add pud_clear_bad __dquot_alloc_space resource_string security_task_getsecid cgroup1_check_for_release plist_del pmd_clear_bad kern_path_locked sb_clear_inode_writeback unregister_handler_proc untrack_pfn atomic_notifier_chain_register get_next_ino zone_batchsize k8_check_syscfg_dram_mod_en kzalloc.5461 __wake_up_parent vunmap_page_range kfree_skb uuid_string dget_parent rcu_barrier threshold_restart_bank tty_ldisc_init device_remove_groups __cpuset_memory_pressure_bump __pmd_alloc __pm_runtime_set_status kernfs_find_and_get_ns __kernfs_remove dump_stack_print_info unaccount_page_cache_page __free_pages __put_net unmap_mapping_pages zap_page_range_single groups_search page_mapping inode_io_list_del early_enable_events flush_tlb_func_common __mmu_notifier_invalidate_range_end unmap_single_vma __mmu_notifier_invalidate_range_start __kmalloc_node lru_add_drain __x64_sys_swapoff local_bh_enable.55505 skb_checksum_help kblockd_mod_delayed_work_on skb_crc32c_csum_help pps_cdev_compat_ioctl __skb_checksum wakeup_source_deactivate tick_broadcast_oneshot_active __skb_gso_segment __dquot_transfer security_task_free acpi_ns_handle_to_pathname skb_mac_gso_segment skb_network_protocol __dev_kfree_skb_any machine_emergency_restart del_timer raise_softirq_irqoff netif_skb_features sch_direct_xmit kexec_crash_loaded up netdev_pick_tx __vma_rb_erase __skb_get_hash semctl_stat alloc_vfsmnt propagate_mount_unlock percpu_ref_init init_wait_entry klist_iter_init_node 
_dev_err __skb_flow_dissect __ia32_compat_sys_io_submit raise_softirq add_timer perf_event_alloc pat_disable mark_tsc_unstable __ia32_compat_sys_semctl free_area_init_node memmap_init_zone audit_log_format get_pfn_range_for_nid reuseport_detach_sock early_pfn_to_nid hard_smp_processor_id punt_bios_to_rescuer svc_tcp_kill_temp_xprt setup_earlycon cpuhp_invoke_callback register_console simple_strtoull _parse_integer_fixup_radix __mod_node_page_state tick_set_periodic_handler read_pci_config_byte __next_mem_range __cpuhp_setup_state_cpuslocked memparse pit_hpet_ptimer_calibrate_cpu acpi_os_map_iomem device_pm_check_callbacks synchronize_sched_expedited_wait timer_clear_idle x86_model __mnt_want_write_file blk_mq_dispatch_rq_list unmap_mapping_page mp_find_ioapic_pin __x64_sys_umount memblock_setclr_flag pud_free_pmd_page __put_task_struct prepare_creds acpi_match_platform_list memblock_virt_alloc_try_nid strstr __rb_erase_color __tasklet_schedule_common register_reboot_notifier __e820__range_update __msecs_to_jiffies __ia32_sys_ioprio_set lazy_max_pages acpi_tb_print_table_header compute_shiftstate xs_create_sock follow_phys blk_mq_request_bypass_insert kmalloc_array.13590 log_buf_len_update __rb_insert_augmented alloc_debug_processing irq_work_queue early_printk get_fixed_ranges insert_resource update_cache_mode_entry deactivate_super clear_wb_congested kernfs_path_from_node blk_mq_add_to_requeue_list swapcache_free_entries pointer_string second_overflow dev_set_name acpi_get_table memzero_explicit redraw_screen register_lapic_address proc_create_seq_private inat_get_group_attribute cgroup_migrate_prepare_dst e820_end_pfn __ia32_sys_fgetxattr fpu__init_cpu_xstate __jump_label_transform key_alloc get_option add_taint get_stack_info strlcpy tlb_flush_pmd_range zone_watermark_ok_safe pfn_range_is_mapped sysfs_create_group synchronize_sched __d_lookup _raw_read_lock __wait_rcu_gp __free_irq kthread_should_stop pm_runtime_clean_up_links get_task_mm rcu_nmi_enter 
__get_vm_area_node pagevec_lookup_range_tag find_get_pages_range_tag set_primary_fwnode cgroup_apply_cftypes kobject_synth_uevent kern_path clocksource_mark_unstable mp_override_legacy_irq radix_tree_replace_slot __x64_sys_lookup_dcookie rebind_subsystems cgroup_finalize_control is_console_locked rb_check_pages blk_mq_get_driver_tag disable_irq_nosync cgroup_propagate_control enable_irq __perf_event_account_interrupt cgroup_apply_control inat_get_avx_attribute cgroup_migrate_execute acpi_ut_allocate_object_desc_dbg rcu_sync_enter __audit_free set_pfnblock_flags_mask do_swap_page pr_cont_kernfs_name percpu_counter_add_batch __vm_enough_memory cgroup_rstat_init _rcu_barrier e820__range_add insert_header strchr generic_make_request_checks arch_cpu_idle_dead call_rcu_sched migrate_pages bad_area lru_cache_add kmem_cache_alloc_node_trace __cpuhp_state_remove_instance __cancel_dirty_page rmap_walk rmap_walk_file blocking_notifier_chain_register move_to_new_page __call_rcu migrate_page_copy __perf_event_header__init_id cgroup_addrm_files putback_movable_pages page_frag_free vprintk_default acpi_hw_validate_io_request kallsyms_lookup crng_reseed clocksource_select_watchdog __blk_mq_tag_busy clone_mnt drain_workqueue x86_match_cpu stop_machine lockref_mark_dead skb_push __set_pte_vaddr early_memunmap __set_task_comm __skb_clone group_sched_out skb_copy_ubufs event_sched_out allow_direct_reclaim __sk_destruct add_device_randomness find_last_bit cmci_recheck percpu_ref_kill_and_confirm fcntl_setlease timekeeping_update free_uts_ns cpuacct_charge __ia32_sys_rmdir list_lru_add vzalloc_node rcu_idle_exit netlink_attachskb get_swap_pages bit_waitqueue property_entry_free_data follow_huge_addr device_pm_remove sync_rcu_exp_select_node_cpus cn_cb_equal blk_mq_free_request rb_update_pages css_set_move_task __ia32_sys_semctl alloc_mnt_ns fsnotify_add_mark_locked chacha20_block find_next_and_bit acpi_os_remove_interrupt_handler writeback_single_inode remove_proc_subtree 
cyc2ns_init_boot_cpu escaped_string rbt_memtype_check_insert compat_ipv6_setsockopt arch_uprobe_analyze_insn __x64_sys_renameat choose_memblock_flags delete_from_page_cache_batch bitmap_string bitmap_list_string device_links_driver_bound hex_string symbol_string queue_unplugged cpuidle_reflect panic_smp_self_stop get_state_synchronize_rcu try_to_unmap_flush_dirty __ia32_sys_symlinkat workingset_eviction try_to_unmap_flush irq_pm_install_action isolate_lru_pages shrink_zones __delayacct_freepages_end follow_hugetlb_page early_memremap_pgprot_adjust uprobe_munmap follow_huge_pud follow_huge_pmd acpi_ns_search_one_scope scan_swap_map_try_ssd_cluster migration_entry_wait hugetlb_fault dev_pm_disable_wake_irq_check try_to_munlock mp_register_ioapic_irq __anon_vma_prepare print_worker_info tick_suspend tty_audit_fork wq_worker_sleeping tsk_fork_get_node __wake_up_pollfree acpi_hw_get_access_bit_width atomic_dec_and_mutex_lock vprintk_deferred read_current_timer calibration_delay_done __cpuhp_remove_state irq_work_needs_cpu blk_mq_sched_restart acpi_parse_entries_array clock_was_set_delayed vma_interval_tree_remove clockevents_resume clocksource_resume process_random_ready_list assoc_array_insert filename_mountpoint alloc_uevent_skb lookup_swap_cache mount_fs bsg_scsi_fill_hdr acpi_ut_get_mutex_name lockref_put_or_lock page_rmapping cpuset_mem_spread_node unmap_page_range __cpuset_node_allowed __ia32_sys_mq_open show_iret_regs vmalloc_to_pfn print_bad_pte clear_IO_APIC free_pud_range intel_ppin_init address_val kthread_bind_mask kernfs_add_one init_dl_inactive_task_timer mtrr_type_lookup __ia32_sys_swapon tick_nohz_idle_stop_tick cpuidle_get_cpu_driver clocksource_start_suspend_timing __rpm_callback device_links_busy audit_exe_compare __fsnotify_inode_delete console_sysfs_notify device_release_driver __inc_numa_state __x64_sys_reboot __acpi_map_table dput do_sanity_check security_sock_rcv_skb acpi_ns_get_type dentry_name pte_alloc_one_kernel stack_type_name 
tcp_get_timestamping_opt_stats __mutex_lock_killable_slowpath static_key_enable_cpuslocked switch_mm_irqs_off account_kernel_stack efi_update_mappings ip4_addr_string_sa slab_fix write_inode dquot_transfer acpi_ns_handle_to_name security_task_alloc skb_warn_bad_offload dpm_sysfs_remove init_srcu_struct_fields tick_nohz_idle_retain_tick sysfs_delete_link map_kernel_range_noflush init_worker_pool balance_dirty_pages ip6_addr_string_sa __vmalloc rq_qos_requeue PageMovable get_partial_node mempolicy_slab_node anon_vma_interval_tree_remove call_usermodehelper_exec sbitmap_get __ia32_compat_sys_move_pages rcu_start_this_gp __x64_sys_syslog get_any_partial vm_area_dup x86_configure_nx current_cpuset_is_being_rebound sg_write ioremap_wt cd_forget do_name try_to_free_buffers audit_gid_comparator refcount_dec_and_lock_irqsave arch_dup_task_struct __ia32_compat_sys_rt_sigqueueinfo access_process_vm drain_zone_pages read_persistent_clock64 intel_init_lmce acpi_dma_deconfigure blake2s_final kernfs_drain_open_files security_cred_free vprintk_store cpuset_nodemask_valid_mems_allowed acpi_get_table_header ntp_tick_length filter_cpuid_features decay_load_missed kfree calibrate_delay_is_known acpi_initialize_tables __is_insn_slot_addr allocate_probes devtmpfs_delete_node memblock_find_in_range_node ktime_get_real_ts64 add_to_page_cache_locked idr_destroy __free_one_page check_irq_resend rcu_segcblist_init __sbitmap_queue_get_shallow x86_init_rdrand mlock_vma_page __delete_from_swap_cache alloc_huge_page lockref_get_not_zero get_nohz_timer_target bus_remove_device console_unblank ___alloc_bootmem_nopanic idr_preload bad_page __x64_sys_semctl fsnotify_compare_groups walk_mem_res free_unref_page_prepare rt_mutex_adjust_pi __call_srcu kstrdup __delayacct_blkio_end unwind_get_return_address_ptr __down_timeout try_to_wake_up_local rbt_memtype_erase bprintf pcpu_find_block_fit mempolicy_nodemask_intersects unmask_irq acpi_ns_walk_namespace acpi_ev_install_xrupt_handlers 
rcu_note_context_switch ida_pre_get sysctl_print_dir arch_smt_update __mnt_drop_write_file acpi_tb_get_table radix_tree_iter_replace ns_get_path swap_count_continued flags_string profile_handoff_task cpuset_mems_allowed_intersects __xfrm_state_destroy __kmem_cache_create kzalloc.16404 mcheck_cpu_init acpi_hw_read_port __sprint_symbol do_writepages prepare_task_switch __d_instantiate netdev_bits acpi_ns_local clock zone_watermark_ok tc_filter_init _atomic_dec_and_lock __change_page_attr_set_clr compaction_defer_reset rq_qos_done_bio sysfs_slab_unlink wq_worker_waking_up acpi_ut_repair_name __crash_kexec __mutex_init __kernfs_new_node lockref_put_return timekeeping_suspend locks_free_lock_context peernet2id __kmem_cache_shutdown dquot_alloc_inode put_dec_trunc8 do_semtimedop free_area_init_core copy_semundo __free_pages_boot_core numa_add_cpu intel_init_cmci cpu_detect acpi_ut_create_update_state_and_push is_swbp_insn __munlock_isolate_lru_page timerslack_ns_open acpi_tb_verify_temp_table acpi_bios_warning release_pages static_key_disable_cpuslocked inode_has_buffers skb_panic cyc2ns_read_end acpi_hw_read_multiple vmalloc_sync_mappings vmalloc_sync_unmappings apply_trace_boot_options set_rq_offline trace_printk_control kernel_map_pages_in_pgd tracing_start_cmdline_record tracing_start_sched_switch shrink_inactive_list fork_idle do_send_sig_info pwq_adjust_max_active trace_event_enable_tgid_record bd_forget pgd_page_get_mm down_write ring_buffer_change_overwrite mce_setup audit_comparator security_inode_alloc start_creating.20472 shrink_dentry_list gen_pool_alloc ring_buffer_size arch_memremap_can_ram_remap __ia32_compat_sys_setsockopt kill_pid_info __queue_delayed_work =o= --- DONE! 
---
------------STATISTICS---------------
43938 : Functions greeted
133 : External functions
0 : Discovered Path
0 : Matched Path
38530 : Good Path
1651 : Bad Path
60199 : Ignored Path
0 : Path Unable to Resolve
0 : Resolved CallSite Using Function Pointer
694 : Critical Functions
152 : Critical Variables
0 : # of times max depth for forward analysis hit
0 : # of times max depth for backward analysis hit
67 : Critical Function Pointer Unable to Resolve, Collect Pass
183 : Critical Function Pointer Resolved, Collect Pass
3202 : Critical Functions used by non CallInst
26477 : Critical Functions used by static assignment
225 : # of times indirect call site matched with critical functions
19465 : # of times indirect call site failed to match with critical functions
0 : found capability check inside call using function ptr
271 : number of critical function skipped(uniq)